Systems, apparatuses and methods for network packet management

ABSTRACT

Methods and systems are provided for latency-oriented router. An incoming packet is received on a first interface. The type of the incoming packet is determined. Upon the detection that the incoming packet belongs to latency-critical traffic, the incoming packet is duplicated into one or more copies. Subsequently, the duplicated copies are sent to a second interface in a delayed fashion where the duplicated copies are spread over a time period. The duplicated copies are received and processed at the second interface.

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.15/640,565, filed Jul. 2, 2017, entitled “Systems, Apparatuses andMethods for Network Packet Management” (“the '565 application”). The'565 application in turn claims priority to U.S. Provisional ApplicationNo. 62/358,341, filed Jul. 5, 2016, entitled “Latency Oriented Router”(“the '341 application”); U.S. Provisional Application No. 62/376,073,filed Aug. 17, 2016, entitled “Latency Oriented Router” (“the '073application”); U.S. Provisional Application No. 62/421,193, filed Nov.11, 2016, entitled “Latency Oriented Router” (“the '193 application”);and U.S. Provisional Application No. 62/526,116, filed Jun. 28, 2017,entitled “Latency-Oriented Router with Download and Video Acceleration”(“the '116 application”). The content of each of the '565, '341, '073,'193 and '116 applications is incorporated herein in its entirety.

FIELD OF THE DISCLOSURE

The present disclosure relates generally to packet processing incommunication networks.

BACKGROUND

The “last mile” or “last kilometer” is a widely used phrase in thetelecommunications, cable television and internet industries to refer tothe final leg of the telecommunications network's delivery componentsand mechanisms to retail end-users or customers. Specifically, the lastmile is the common colloquialism referring to the portion of thetelecommunications network chain that physically reaches the end-user'spremises. Examples are the copper wire subscriber lines connectingtelephones to the local telephone exchange, coaxial cable service dropscarrying cable television signals from utility poles to subscribers'homes, and cell towers linking local cell phones to the cellularnetwork. The word “mile” is used metaphorically; the length of the lastmile link may be more or less than a mile.

Because the last mile connection between the end-user's router andInternet Service Provider (ISP) often uses relatively low-qualityconnections (such as poorly conditioned ADSL, or wireless), the lastmile may be a significant source of lost packets, which in turn oftencauses significant delays (such as increased latency and/or jitter). Theproblem is exacerbated for some latency-critical services such as VoIPand game applications.

Additionally, there is a common misperception that the quality of aconnection can be measured exclusively in terms of bandwidth and/orthroughput. However, for many applications (such as VoIP and games)different parameters, such as latency and jitter, may be much moreimportant.

As a result, traditional communication systems fail to provide an idealuser experience with optimal reliability, efficiency, and latency.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated herein and form a partof the specification, illustrate embodiments of the present disclosureand, together with the description, further serve to explain theprinciples of the disclosure and to enable a person skilled in therelevant art to make and use the disclosure.

FIG. 1A is a schematic diagram illustrating an exemplary connectionbetween user devices and a server through a traditional router.

FIG. 1B is a schematic diagram illustrating connection of alatency-oriented router, according to an embodiment of the presentdisclosure.

FIG. 1C is a schematic diagram illustrating connection of alatency-oriented router, according to another embodiment of the presentdisclosure.

FIG. 1D is a schematic diagram illustrating connection of alatency-oriented router, according to another embodiment of the presentdisclosure.

FIG. 1E is a schematic diagram illustrating connection of anintermediate proxy, according to another embodiment of the presentdisclosure.

FIG. 1F is a schematic diagram illustrating connection of alatency-oriented router, according to another embodiment of the presentdisclosure.

FIG. 1G is a schematic diagram illustrating connection of alatency-oriented router, according to still another embodiment of thepresent disclosure.

FIG. 1H is a schematic diagram illustrating connection of alatency-oriented router, according to still another embodiment of thepresent disclosure.

FIG. 1I is a schematic diagram illustrating connection oflatency-oriented routers, according to an embodiment of the presentdisclosure.

FIG. 1J is a schematic diagram illustrating connection oflatency-oriented routers implementing a “game state”, according to anembodiment of the present disclosure.

FIG. 1K is a schematic diagram illustrating connection oflatency-oriented routers implementing “X-Plugin”, according to anembodiment of the present disclosure.

FIG. 2A is a block diagram illustrating an exemplary implementation of alatency-oriented router, according to an embodiment of the presentdisclosure.

FIG. 2B is a block diagram illustrating an implementation of alatency-oriented proxy, according to an embodiment of the presentdisclosure.

FIG. 2C is a block diagram illustrating an exemplary implementation ofan intermediate proxy, according to an embodiment of the presentdisclosure.

FIG. 2D is a block diagram illustrating an exemplary implementation of aproxy router, according to an embodiment of the present disclosure.

FIG. 2E is a block diagram illustrating an exemplary implementation of asimple proxy, according to an embodiment of the present disclosure.

FIG. 2F is a block diagram illustrating an exemplary implementation of aTCP-handling subsystem, which may optionally be incorporated intolatency-oriented router and/or proxy router, according to an embodimentof the present disclosure.

FIG. 2G is a block diagram illustrating another exemplary implementationof a TCP-handling subsystem, according to an embodiment of the presentdisclosure.

FIG. 3A illustrates transmission of latency-critical packets withpossible modifications to the IP packets, according to an embodiment ofthe present disclosure.

FIG. 3B illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets, according to an embodiment ofthe present disclosure.

FIG. 3C illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets in presence of an intermediateproxy, according to an embodiment of the present disclosure.

FIG. 3D illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets in presence of a proxy router,according to an embodiment of the present disclosure.

FIG. 3E illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets in presence of a simple proxy,according to an embodiment of the present disclosure.

FIG. 3F illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets in presence of a simple proxy,according to another embodiment of the present disclosure.

FIG. 3G illustrates transmission of latency-critical reply packets withpossible modifications to the IP packets, according to an embodiment ofthe present disclosure.

FIG. 4A is a flow diagram illustrating operation method of alatency-oriented router, according to an embodiment of the presentdisclosure.

FIG. 4B is a flow diagram illustrating operation method of alatency-oriented router, according to another embodiment of the presentdisclosure.

FIG. 4C is a flow diagram illustrating operation method of alatency-oriented proxy, according to an embodiment of the presentdisclosure.

FIG. 4D is a flow diagram illustrating operation method of alatency-oriented proxy, according to another embodiment of the presentdisclosure.

FIG. 4E is a flow diagram illustrating the operation method of anintermediate proxy, according to an embodiment of the presentdisclosure.

FIG. 4F is a flow diagram illustrating the operation method of anintermediate proxy, according to another embodiment of the presentdisclosure.

FIG. 4G is a flow diagram illustrating the operation method of a proxyrouter, according to an embodiment of the present disclosure.

FIG. 4H is a flow diagram illustrating the operation method of a proxyrouter, according to another embodiment of the present disclosure.

FIG. 4I is a flow diagram illustrating the operation method of a simpleproxy, according to an embodiment of the present disclosure.

FIG. 4J is a flow diagram illustrating the operation method of a simpleproxy, according to another embodiment of the present disclosure.

FIG. 5 illustrates an example computer system, according to anembodiment of the present disclosure.

The embodiments will be described in detail with reference to theaccompanying drawings. In the drawings, generally, like referencenumbers indicate the same or functionally similar elements.

DETAILED DESCRIPTION

Certain illustrative aspects of the systems, apparatuses, and methodsaccording to the present invention are described herein in connectionwith the following description and the accompanying figures. Theseaspects are indicative, however, of but a few of the various ways inwhich the principles of the invention may be employed and the presentinvention is intended to include all such aspects and their equivalents.Other advantages and novel features of the invention may become apparentfrom the following detailed description when considered in conjunctionwith the figures.

In the following detailed description, numerous specific details are setforth in order to provide a thorough understanding of the invention. Inother instances, well known structures, interfaces, and processes havenot been shown in detail in order not to unnecessarily obscure theinvention. However, it will be apparent to one of ordinary skill in theart that those specific details disclosed herein need not be used topractice the invention and do not represent a limitation on the scope ofthe invention, except as recited in the claims. It is intended that nopart of this specification be construed to effect a disavowal of anypart of the full scope of the invention. Although certain embodiments ofthe present disclosure are described, these embodiments likewise are notintended to limit the full scope of the invention.

The present disclosure comprises systems, methods and apparatuses forlatency-oriented routing. While the present invention is described andexplained in the context a latency-oriented router in communication withan internet service provider and end users, it is to be understood thatit is not so limited and may be applicable to any systems, methods andapparatuses directed to any packet processing communication networks.For example, the present disclosure may also be used in systems, methodsand apparatuses for on-chip packet routing and processing.

FIG. 1A is a schematic diagram illustrating an exemplary connectionbetween user devices and a server through a traditional router. Theexemplary system shown in FIG. 1A includes user devices 110, traditionalhome router 112, ISPs 140 and 148 and server 180. User devices 110(which may be any network connectable device, such as desktop, laptop,phone, tablet, etc.) are connected using connection 150 to a traditionalhome router 112. For example, connection 150 may be a Wi-Fi, an Ethernet(including, but not limited to, 10BASE-T, 100BASE-T, 1000BASE-T,1000BASE-X, 10GBASE-T, or any other of 10BASE, 100BASE, 1000BASE, or10GBASE connections) or any other existing or future developedcommunication systems and/or protocols with similar functionalities.Traditional home router 112 may additionally provide services such asbeing a Dynamic Host Configuration Protocol (DHCP) server to userdevices 110 and/or act as a DHCP client with regards to its connectionto ISP 140.

Traditional home router 112 may connect to the ISP 140 using aconnection 130. For example, connection 130 may be an Asymmetric DigitalSubscriber Line (ADSL), Symmetric Digital Subscriber Line (SDSL), cable,3G, 4G, LTE, Ethernet (including, but not limited to, 10BASE-T,100BASE-T, 1000BASE-T, 1000BASE-X, 10GBASE-T, or any other of 10BASE,100BASE, 1000BASE, or 10GBASE connections), or any other existing orfuture developed system and/or method of communication with similarfunctionalities. ISPs 140 and 148 may provide access to the Internet144.

In an embodiment, server 180 (which may be, for example, a game server,a media server, or a VoIP server), is connected to the ISP 148 usingconnection 190. Connection 190 may be, for example, an Ethernet(including, but not limited to, 10BASE-T, 100BASE-T, 1000BASE-T,1000BASE-X, 10GBASE-T, or any other of 10BASE, 100BASE, 1000BASE, or10GBASE connections), Infiniband, or any other existing or futuredeveloped system and/or method of communication with similarfunctionalities.

Communications between one of user devices 110 and server 180 may beperformed via exchanging packets (such as IP packets and/or packets thatcorrespond to Level 2, Level 3, or Level 4 of the Open SystemsInterconnection model).

FIG. 1B is a schematic diagram illustrating connection of alatency-oriented router, according to an embodiment of the presentdisclosure. FIG. 1B shows a system which may be used, for example, toimprove latency characteristics compared to the system shown in FIG. 1A.The system shown in the example of FIG. 1B includes user devices 110,latency-oriented router 120, ISPs 140A, 140B, 148A and 148B,latency-oriented proxy 121 and server 180. It is noted that there can beany number of ISPs 140 and of ISPs 148 (for example, one ISP 140 andthree ISPs 148 or vice versa), though only ISPs 140A, 140B, 148A, and148B are shown in FIG. 1A. User devices 110 are connected tolatency-oriented router 120, using connection 150. Latency-orientedrouter 120 may additionally provide services such as being a DynamicHost Configuration Protocol (DHCP) server to user devices 110 and/or actas a DHCP client with regards to one or more of its respectiveconnections to ISPs 140 (only ISP 140A and 140B are shown in FIG. 1B).

In an embodiment, latency-oriented router 120 uses one or moreconnections 130 to connect to one or more ISPs 140 (in FIG. 1B onlyconnections 130A and 130B and ISPs 140A and 140B are shown). Connections130A and 130B may be implemented using any combination of thecommunications mechanisms listed for connection 130 as described in FIG.1A; in particular, all connections 130 can use the same communicationmechanism, or all can use different communication mechanisms, or anyother combination of communication mechanisms. In an embodiment,connections 130 may lead to different ISP (as shown in FIG. 1B), or toany combination of ISPs, including all connections 130 leading to thesame ISP.

In an embodiment, ISPs 140A, 140B, 148A and 148B provide access to theInternet 144. Latency-oriented proxy 121 may be connected to one or moreISPs 148 using connections 190 (in FIG. 1B only ISPs 148A and 148B, andconnections 190A and 190B are shown). Connections 190A and 190B may beimplemented using any combination of the communications mechanismslisted for connection 190 as described in FIG. 1A; in particular, allconnections 190A and 190B can use the same communication mechanism, orall can use different communication mechanisms, or any other combinationof communication mechanisms. Also, connections 190A and 190B may lead todifferent ISP (as shown in FIG. 1B), or to any combination of ISPs,including all connections 190 leading to the same ISP.

In an embodiment, server 180 may be connected to Latency-oriented proxy121 using connection 191. Connection 191 may be implemented in any waydescribed above for connections 190, 190A and 190B. Alternatively,connection 191 may be implemented as an over-the-Internet connection,with server 180 being connected through its own ISP (not shown), andlatency-oriented proxy 121 sending the traffic directed to server 180,via one or more of ISPs 148, specifying the target IP address of therespective packets as the IP address (or one of IP addresses) of server180. An example of an embodiment that uses Internet to implementconnection 191 between latency-oriented proxy 121, and server 180, isshown in FIG. 1E.

FIG. 1C is a schematic diagram illustrating the connection of alatency-oriented router, according to another embodiment of the presentdisclosure. In this exemplary embodiment, an alternative way ofconnecting the latency-oriented router 120 to the ISP(s) 140A and 140Bis shown. In the configuration of FIG. 1C, latency-oriented router 120may provide user devices 110 with similar services as illustrated inFIG. 1B. According to an embodiment, latency-oriented router 120 mayconnect to one or more intermediate routers 160 (in FIG. 1C onlyintermediate router 160A and intermediate router 160B are shown) insteadof connecting directly to ISPs 140A or ISP 140B. For example, theintermediate routers 160A or 160B may be routers (including, but notlimited to, conventional routers used in the home or office), modems(such as, for example, 56 kBit/s modem, ADSL modem, cable modem, G.hnmodem), or any other present or future-developed device with similarfunctionality. In some embodiments, intermediate routers 160A and 160Bmay be of different types. In other embodiments, some or all of theintermediate routers 160 may be of the same type.

In a manner similar to that of the embodiment shown in FIG. 1B,latency-oriented router 120 may provide connection to user devices 110over connection 150. Latency-oriented router 120 may connect tointermediate routers 160A and/or 160B over connection(s) 170 (in FIG. 1Bonly connections 170A and 170B are shown). Connections 170A and 170B maybe implemented as, for example, an Ethernet connection or any otherconnection method listed with respect to connection 130 as described inFIG. 1A. In an embodiment, connections 170A and 170B may lead todifferent intermediate routers 160A and 160B (as shown in FIG. 1B), orto any combination of intermediate routers, including all connections170A and 170B leading to the same intermediate router. In someembodiments, latency-oriented router 120 may connect to some of ISPs140A and 140B directly (as shown in FIG. 1B), and to some of ISPs 140Aand 140B via intermediate router(s) 160A and 160B (as shown in FIG. 1C).

FIG. 1D is a schematic diagram illustrating connection of alatency-oriented router, according to another embodiment of the presentdisclosure. In addition to the components shown in FIG. 1B, theembodiment of FIG. 1D additionally includes intermediate proxy 122, oneor more ISPs 142, and one or more ISPs 146 (in FIG. 1D only ISPs 142A,142B, 146A, and 146B are shown). As in the example illustrated in FIG.1D, intermediate proxy 122 may be connected to ISPs 142 usingconnections 132, and to ISPs 146 using connections 192 (in FIG. 1D onlyconnections 132A, 132B, 192A, and 192B are shown). Connections 132and/or 192 may be implemented, for example, in the same manner asconnections 130 and/or 190. In some embodiments, Internet 144 shown onthe left side of intermediate proxy 122, may be the same as the Internet144 shown on the right side of intermediate proxy 122. In someembodiments, there may be more than one intermediate proxy 122 betweenlatency-oriented router 120 and latency-oriented proxy 121 (althoughonly one intermediate proxy 122 is shown in FIG. 1D).

FIG. 1E is a schematic diagram illustrating connection of anintermediate proxy, according to another embodiment of the presentdisclosure. As illustrated in the example of FIG. 1E, intermediate proxy122 may use one or more ISPs 142 to connect both its left-sideconnections and right-side connections to the Internet 144 (only ISPs142A and 142B are shown in FIG. 1E). In an embodiment, latency-orientedproxy 121 may connect to server 180 via Internet 144 through one or moreISPs 148 (only ISPs 148 and 148B are shown in FIG. 1E). Server 180 maybe connected via one or more ISPs 149 (only ISP 149A and 149B are shownin FIG. 1E) using connections 194 (in FIG. 1E only connections 194A and194B are shown). In an embodiment, connections 194 may be implementedsimilar to any of connections 130 and/or 190.

FIG. 1F is a schematic diagram illustrating connection of alatency-oriented router, according to another embodiment of the presentdisclosure. In this embodiment, latency-oriented router 120 isimplemented as a part of user device 110. User device 110 may have oneor more connections 130 and/or 170 (only two connections are shown inFIG. 1F), and latency-oriented router 120, implemented as a part of userdevice 110, may use one or more of these connections. In someembodiments, a first connection 130A may be implemented, for example, asa Wi-Fi connection (leading, for example, to intermediate router 160A),and a second connection 130B may be implemented, for example, as anEthernet connection (leading, for example, to intermediate router 160B).

FIG. 1G is a schematic diagram illustrating connection of alatency-oriented router, according to still another embodiment of thepresent disclosure. In the example illustrated in FIG. 1G, some of userdevices 110 (only 110A is shown) may have a latency-oriented router 120as a component or a part of user devices 110, and some other userdevices (only 110B is shown) may not have a latency-oriented router as acomponent or a part of the user devices. In an embodiment,latency-oriented router 120 uses proxy router 123 to communicate withthe Internet. In such an embodiment, user devices 110 (implementinglatency-oriented router 120 as a component of user devices 110), may useone or more connections 150 (in FIG. 1G only connections 150A and 150Bare shown), to communicate with proxy router 123. Proxy router 123 mayuse one or more connections 130 and/or 170 to communicate with ISP(s)140 and/or intermediate router(s) 160.

In an embodiment, connections 150A and 150B may be implemented as Wi-Ficonnections using different frequency bands of Wi-Fi (such as 2.4 GHzand 5 GHz), or different channels within the same frequency band. Inanother embodiment, connection 150A may be implemented using wiredEthernet and connection 150B may be implemented using Wi-Fi, or viceversa. In a yet another embodiment, connection 150A may be implementedusing Wi-Fi and connection 150B may be implemented using Bluetooth, orvice versa. Bluetooth connections may be implemented using, for example,a Bluetooth module(s) (not shown) on the user device 110 and proxyrouter 123. In a yet another embodiment, connection 150A may beimplemented using Wi-Fi and connection 150B may be implemented using asub-GHz radio connection, or vice versa. In some embodiments, one ormore of connections 150 may include intermediate devices (such asrouters, switches, wireless access points; not shown).

In some embodiments, the implementation may facilitate dual (or triple,or more) connections between user device 110 and proxy router 123 toensure reliability and minimal latency over connections such as Wi-Fi.In some embodiments, the implementation may facilitate dual (or triple,or more) connections between proxy router 123 and latency-oriented proxy121 to ensure reliability and minimal latency over connections in the“last mile” and the Internet. In some embodiments, one or moreadditional proxy routers (not shown) may be used between user device110A and proxy router 123. Such additional proxy router(s) may beimplemented in a manner similar to that of proxy router 123.

In embodiments in which two devices (e.g., user device 110 and proxyrouter 123) use Bluetooth for time sensitive communication, one or moreof the following techniques may be used to optimize Bluetooth latency.In this context, time sensitive communications may includecommunications occurring over one or more of connections 150. Inembodiments in which the devices use “classic” Bluetooth (with orwithout Enhanced Data Rate, the devices may establish the Bluetoothconnection in advance of the actual communication to reduce latencies.For example, the two devices may establish the Bluetooth connection assoon as they are in range whether a latency-critical session alreadyexists or not (e.g., by going through the usual “classic” Bluetoothconnection procedures of Inquiry/Inquiry Scan/Page/Page Scan/MasterResponse/Slave Response (and exchanging the appropriate associated datapackets) to establish an Asynchronous Connection-Less (ACL)communication link. This procedure is described in more detail in“Bluetooth 1.1 Connect Without Cables, by Jennifer Bray and Charles FSturman (2d ed. 2001), the entirety of which is incorporated herein byreference. For ease of reference, conveying latency-critical data overan ACL link may be referred to as an “ACL latency-critical channel.”

In some embodiments, the Bluetooth channel may be kept free of otherdata traffic and ACL packets may be sent by the master at any time.Accordingly, the delay before the ACL packets can be sent by the mastermay be in the order of one Bluetooth time slot (approximately 625 us).Further, to facilitate the Bluetooth slave sending latency-critical dataover the same ACL link, the Bluetooth master may send an ACL POLL packetto the Bluetooth slave at regular intervals. These regular POLLs mayenable the Bluetooth slave to respond while staying compliant with theBluetooth protocol. Alternatively, instead of regular intervals, theBluetooth master may send the POLLs to the Bluetooth slave whenever themaster doesn't have other data/packets to send. The Bluetooth master mayuse single-slot ACL packet to send the POLLs. This technique may allowthe delay for sending packets from the Bluetooth slave to the Bluetoothmaster to be reduced to approximately two Bluetooth time slots(approximately 1350 us).

In some embodiments, similar results may be achieved using a differenttechnique, particularly in embodiments in which manipulating POLLintervals is undesirable or impossible. In such embodiments, instead ofsending POLL packets at smaller intervals, a higher-level request, suchas sending a pre-defined application-level No Operation (NOP) messageover an SPP's simulated serial cable, may be initiated at regularintervals, T_(NOP), by a Bluetooth master device. T_(NOP) may range, forexample, from 1 ms to 5 ms. The recipient of such NOP messages (normallyan SPP reader on a Bluetooth slave device) may discard such NOPmessages. Even as NOP messages are discarded, such NOP messages maycause a Bluetooth ACL packet to be sent from a Bluetooth master deviceto a Bluetooth slave device, thereby providing the Bluetooth slavedevice with an opportunity to reply with latency-critical data before aPOLL would permit, and thereby improving latency in the direction ofBluetooth slave device to Bluetooth master device. In some embodiments,a Bluetooth master device, when sending NOP messages at regularintervals, may skip and/or delay NOP messages if the slave device hasincoming traffic within the regular interval, T_(NOP).

According to another technique (which may be used separately from, orconcurrently with, any of the Bluetooth-related techniques above),latency critical packets (such as IP packets) may be sent using 3- or5-slot Bluetooth packets. In embodiments in which EDR is in use, thistechnique may allow transfer packets of up to approximately 1000 bytesin one single Bluetooth packet. In some embodiments, it may besufficient to fit the whole IP packet into one single Bluetooth packet,reducing the latency.

In some embodiments in which latency-oriented router 120 is implementedas a part of a user device 110 (as illustrated in FIG. 1F and. FIG. 1G),such latency-oriented router 120 may be implemented as a standaloneprogram that intercepts and/or injects incoming and outgoing packets ofsuch user device 110. In this context, “intercepting” a packet may beunderstood to mean removing a packet from normal packet flow, with theoption to inspect such removed packet; and “injecting” a packet may beunderstood to mean inserting a packet into normal packet flow, whereinsuch inserted packet has some or all the properties of packets withinnormal packet flow. In some embodiments, modifying a packet goingthrough a normal packet flow may be considered an interception of anoriginal packet with a subsequent injection of a modified packet. Insome such embodiments, such standalone program may consist of severalexecutables and may optionally include one or more kernel-mode drivers.As a nonlimiting example, if user device 110 is running Windows as itsoperating system, the interception and/or injection of packets may beimplemented as executables using the Windows Filtering Platform.

In some embodiments in which latency-oriented router 120 is implementedas a part of a user device 110, some parts of the latency-orientedrouter 120 may be implemented as a web browser plugin (sometimes alsoreferred to in the art as a web browser extension) that intercepts andinitiates HTTP requests, Websocket requests and/or any other requestswhich may be initiated by the web browser. This may be of particularinterest in embodiments in which information belonging toapplication-level protocols, including but not limited to HTTP and/orWebsockets, needs to be analyzed and/or modified while packets areprocessed, and one or more of the protocols used as a transport layer bythe application-level protocol implement encryption (such as, withoutlimitation, Transport Layer Security (TLS) encryption). In onenon-limiting example, if video streaming is implemented on top of HTTPs(which, in turn, may be HTTP over TLS over Transmission Control Protocol(TCP)), certain information about the video stream (such as informationabout HTTP URLs and HTTP headers including, but not limited to, rangefragments) may be TLS-encrypted and therefore not directly available atlatency-oriented router 120. As a result, such information may not beavailable for use within some types of processing described within thepresent disclosure.

However, a web browser plugin operating at the HTTP level prior toencryption of the video stream information may still be able to accesssuch information and may perform the necessary processing before thevideo stream is encrypted. In other embodiments, a web browser plugin orextension may be implemented in the manner described in more detailbelow (and referred to as “X-Plugin” 248), which may use additionalcommunications with latency-oriented router 120 to direct traffic todifferent interfaces. In other embodiments, processing may be performedusing both a web browser plugin and techniques described with respect to“X-Plugin” 248.

FIG. 1H is a schematic diagram illustrating connection of alatency-oriented router, according to still another embodiment of thepresent disclosure. As the system of FIG. 1H may be substantiallysimilar to FIG. 1D, only the differences between FIG. 1H and FIG. 1Dwill be described here. While the embodiment of FIG. 1D uses anintermediate proxy 122, in the embodiment of FIG. 1H the intermediateproxy 122 is replaced with one or more simple proxies 124 (only simpleproxy 124A and 124B are shown in FIG. 1H). As illustrated in FIG. 1H,simple proxies 124 may be connected to one or more ISPs 142 using one ormore connections 132, and to one or more ISPs 146 using connections 192(only connections 132A, 132B, 192A, and 192B are shown in FIG. 1H). Insome embodiments, Internet 144 shown on the left side of simple proxy124, may be the same as the Internet 144 shown on the right side ofsimple proxy 124. In some embodiments, one or more of simple proxies 124may use one or more ISPs 142 to connect both its left-side connectionsand right-side connections to the Internet 144 (for example, in a mannersimilar to that described with respect to intermediate proxy 122 in FIG.1E).

In some embodiments, there may be more than one simple proxy 124 on someof the paths between latency-oriented router 120 and latency-orientedproxy 121 (although only one simple proxy 124 is shown for each suchpath in FIG. 1H). In some embodiments, one or more intermediate proxies122 and one or more simple proxies 124 may be used within the sameembodiment.

FIG. 1I is a schematic diagram illustrating connection oflatency-oriented routers, according to an embodiment of the presentdisclosure. In the embodiment of FIG. 1I, two user devices 110 maycommunicate with each other via latency-oriented routers 120 (onlydevices 110A and 110B and latency-oriented routers 120A and 120B areshown in FIG. 1I). In this example, latency-oriented routers 120A and Bmay be connected to the Internet 144 using ISPs 140 (only ISPs 140A,140B, 140C, and 140D are shown in FIG. 1I). A person skilled in therelevant art would appreciate that the number of ISPs connected to eachof the latency-oriented routers may be any number greater or equal toone. Latency-oriented routers 120 may be connected to ISPs 140 usingconnections 130 (only connections 130A, 130B, 130C, and 130D are shownin FIG. 1I). In some embodiments, the schema illustrated in FIG. 1I maybe utilized for latency-critical point-to-point communications, such asVoIP communications.

In some embodiments utilized for point-to-point communications, such asthose shown in FIG. 1I, one or more intermediate proxies 122 (not shownin FIG. 1I) and/or one or more simple proxies 124 (not shown in FIG.1I), may be used in a manner similar to that described with respect toFIG. 1D and/or FIG. 1E and/or FIG. 1H.

In some embodiments, for example as shown in FIG. 1I, one or moreexternal servers (not shown) may be used to facilitate the exchange ofaddresses (such as IP addresses) between devices 110A and 110B and/orbetween latency-oriented routers 120A and 120B. In one embodiment, aDomain Name System (DNS) server, including, but not limited to, aDynamic DNS (DDNS) server, may be used for this purpose. In anotherembodiment, a protocol such as the Session Initiation Protocol (SIP) ora protocol with similar functionality may be used to exchange IPaddresses between devices 110A and 110B and/or latency-oriented routers120A and 120B.

FIG. 1J is a schematic diagram illustrating connection oflatency-oriented routers implementing a “game state”, according to anembodiment of the present disclosure. In the embodiment of FIG. 1J, oneor more user devices 110A, B and C are connected to latency-orientedrouters 120A, B and C, respectively, which are in turn connected tointermediate proxies 122A, B and C, respectively. FIG. 1J illustratesexemplary configurations in which user devices, latency-orientedrouters, intermediates proxies, latency-oriented proxies and/or serverscan be connected. In one non-limiting arrangement, an intermediate proxy(e.g., intermediate proxy 122A), may connect to the latency-orientedproxy 121. In another non-limiting arrangement, an intermediate proxy(e.g., intermediate proxy 122B) may connect to one or more simpleproxies (e.g., simple proxies 124A and 124B), which may in turn beconnected to the latency-oriented proxy 121. In yet another non-limitingarrangement, an intermediate proxy (e.g., intermediate proxy 122C), mayconnect to another intermediate proxy (e.g., intermediate proxy 122A),which may in turn be connected to the latency-oriented proxy 121. Insome embodiments, there can be more than two intermediate proxies 122between latency-oriented router 120 and latency-oriented proxy 121 (onlyone and two such intermediate proxies are shown in FIG. 1J).Latency-oriented proxy 121 may subsequently connect to server 180. Insome embodiments, there can be more than one latency-oriented proxy 121(only one is shown in FIG. 1J).

In an embodiment, a game related application (for example, running onserver 180) may use a “game state”, which is then replicated (and/orsynchronized) to the game clients, where the replica and/or synchronizedcopy of the “game state” may be rendered. In a traditional configuration(not shown), server 180 running such a game-related application, maysend update packets directly to all the game clients (for example,running on user devices 110). In this traditional configuration, theseupdate packets may create significant load on the server 180 and/orassociated ISPs. In addition, the traditional configuration may not beoptimal due to issues associated with the total amount of traffic, andDDoS protection, etc. In contrast, the configurations illustrated inFIG. 1J may provide significant improvements over the traditionalconfiguration, in reducing the traffic manifold and making DDoS attackssignificantly more complicated.

In the example shown in FIG. 1J, instead of the server 180 sending “gamestate” updates directly to all the user devices, it instead sends the“game state” updates to one or more latency-oriented proxies 121 (onlyone latency-oriented proxy is shown in FIG. 1J). Each latency-orientedproxy 121 may keep its own copy of the “game state”, and may be able toprovide synchronization to one or more intermediate proxies (onlyintermediate proxies 122A, B and C are shown in FIG. 1J), each of whichmay maintain their own copy of the “game state”. For example,intermediate proxy 122A and latency-oriented routers 120A may provide“game state” data and/or updates to user devices 110A; intermediateproxy 122B and latency-oriented routers 120B may provide “game state”data and/or updates to user devices 110B; and intermediate proxy 122Amay provide “game state” data and/or updates to intermediate proxy 122C,which, in turn, may provide “game state” data and/or updates to userdevices 110C (which are sitting behind the latency-oriented routers120C). The “game state” data and/or updates received by the user devices110 through the configurations shown in FIG. 1J may be equivalent to the“game state” data and/or updates that the user devices 110 would haveotherwise received directly from the server 180 in a traditionalconfiguration. As a result, in some of the examples illustrated in FIG.1J, the system may be indistinguishable from traditional configurationfrom the point of view of user devices 110A-110C (and/or game clientsrunning on them), while providing significant traffic savings.

In some embodiments, the same proxies may participate in different “datatrees” similar to the one shown in FIG. 1J. In particular, more than oneserver 180 (only one is shown in FIG. 1J) may distribute theirrespective “game states” over the system in FIG. 1J (and/or a similarone) and also one server 180 may distribute more than one “game state”.

It should be further noted that connections in FIG. 1J are merelyexemplary, and any combination of any number of latency-oriented proxies121, intermediate proxies 122, simple proxies 124, latency-orientedrouters 120, and proxy routers 123 may be used to deliver “game state”(with appropriate updates) to user devices 110.

FIG. 1K is a schematic diagram illustrating connection oflatency-oriented routers implementing “X-Plugin” 248, according to anembodiment of the present disclosure. In some embodiments, “X-Plugin”248 may run on user device 110, as illustrated in FIG. 1K. “X-Plugin”248 is described in more detail below.

FIG. 2A is a diagram illustrating an exemplary implementation of alatency-oriented router, according to an embodiment of the presentdisclosure. As illustrated in the example of FIG. 2A, latency-orientedrouter 120 may include interface 202, core 210, interface 204 andoptionally storage 217. According to an embodiment, core 210 may furtherinclude outgoing detector 220, configurator 240, duplicator 250, trafficcontroller 270, incoming detector 230, deduplicator 260, and incomingtraffic controller 271. Optionally, core 210 may also include HTTPserver 206, one or more DHCP servers (not shown) acting, for example, asa DHCP server for appropriate interface 202, and one or more DHCPclients (not shown) acting, for example, as a DHCP client forappropriate interface 204.

In some embodiments, the latency-oriented router may also include one ormore optional Bluetooth modules (not shown). Each of these module(s) maybe, for example, a “classic” Bluetooth module, a Bluetooth Low Energymodule (which is also known in the art as a Bluetooth Smart module), ora Bluetooth dual-mode module that supports both “classic” Bluetooth andBluetooth Low Energy (which is also known in the art as a BluetoothSmart Ready module). “Classic” Bluetooth and/or dual-mode modules mayoptionally support Enhanced Data Rate (EDR) and/or Bluetooth High Speed(HS).

Interfaces 202 and 204 may be interfaces to communicate with any deviceexternal to latency-oriented router 120. For example, interfaces 202 and204 may be designed to communicate with an external system such as apersonal computer, a cell phone, a personal digital assistance or aserver. In some embodiments, interfaces 202 and/or 204 may beimplemented as one or more of the following: Ethernet (including, butnot limited to, 10BASE-T, 100BASE-T, 1000BASE-T, 1000BASE-X, 10GBASE-T,or any other of 10BASE, 100BASE, 1000BASE, or 10GBASE interfaces),Wi-Fi, USB, Bluetooth, ADSL, cable Internet, LTE, 3G, or any otherexisting or future developed communication systems and/or protocols withsimilar functionalities. In an example, interface 202 may handleconnections 150 from user devices 110 and interface 204 may handleconnections 130 to ISPs 140 as illustrated in FIG. 1B.

In some embodiments, an external application (not shown) may be used toconfigure and/or control latency-oriented router 120. In someembodiments, such external application may run on a desktop PC, asmartphone and/or a tablet and may use a connection to HTTP server 206to control latency-oriented router 120. In some embodiments, suchexternal application may use a Wi-Fi connection (for example, usinginterface 202) or a Bluetooth connection (for example, using a Bluetoothmodule) to establish its connection to HTTP server 206.

In one embodiment, there may be multiple interfaces 202 and/or multipleinterfaces 204. In some embodiments, some of the interfaces may be“virtual interfaces” built on top of “physical” interface(s) asdescribed below. In another embodiment, “virtual interfaces” 202 and 204may be built on top of the same physical interface so that only onephysical interface performs the functions of both interface 202 and 204.

In some embodiments, storage 217 may be implemented as a persistentstorage such as SSD, HDD, Flash, EEPROM, battery-backed RAM, or anyother existing or future storage with similar functionality.

According to an embodiment, core 210 may be implemented as a CPU, MCU orMPU, and the modules shown in FIG. 2A within core 210 may be implementedas software programs, routines or modules. Alternatively, core 210 maybe implemented as FPGA or ASIC, and the modules within core 210 may beimplemented as circuits. Still alternatively, a hybrid implementation inwhich some components of core 210 are implemented on a CPU, MCU or MPU,while other components of core 210 are implemented as FPGA(s) orASIC(s), is also within the scope of the current disclosure.

In some embodiments, there may be one or more of additional queues (notshown) placed between different components of the latency-orientedrouter 120. By way of example and not limitation, there may be a queuebetween (a) interface 202 and outgoing detector 220, (b) outgoingdetector 220 and duplicator 250, (c) outgoing detector 220 and outgoingtraffic controller 270, and/or (d) core 210 and interface(s) 204. Thesequeues may be implemented as hardware queues (for example, similar tothose hardware queues used in existing routers), software queues (suchas boost:: sync_queue, boost::sync_bounded_queue, and so on), and/or acombination of both.

In some embodiments, one or more of these queues may be a prioritizedqueue and/or may allow for a prioritized data and/or packet extraction.For example, a queue placed between core 210 and interface 204(obtaining packets from both duplicator 250 and outgoing trafficcontroller 270) may be prioritized, thereby allowing for extraction oflatency-critical packets with higher priority than “other traffic”packets. In other embodiments, a queue between interface 202 andoutgoing detector 220 may allow for prioritized packet extraction undercertain conditions (such as high CPU load, high interface load, etc.),allowing outgoing detector 220 to run all or some of its detectionprocedures over the packet in the queue and take only packets whichbelong to latency-critical traffic (for example, leaving packetsbelonging to “other traffic” until high load conditions cease). In someembodiments, one or more of these queues may use one or more methodsusually referred to as Active Queue Management (AQM) techniques(including, but not limited to, Random Early Detection (RED), ControlledDelay (CoDel), Class-based Queue Scheduling (CBQ), Hierarchical TokenBucket (HTB), Hierarchical Fair Service Curve (HFSC), etc.).

In some embodiments, latency-critical packets—as detected, for exampleby outgoing detector 220 and/or incoming detector 230—may be assigned a“traffic class” (referred to as “LC”); “other traffic” may be assigned“traffic class” (referred to as “OT”); traffic class OT may be differentfrom “traffic class” LC. In some of such embodiments, this assigned“traffic class” may be used as a “traffic class” of the packet for thepurposes of Active Queue Management algorithms such as CBQ, HTB, HFSC,and/or any other algorithms with similar functionalities, known now, orinvented in the future. In some of such embodiments, “traffic class” LCmay be designated as “real time” for the purposes of the algorithmsmentioned above. In some embodiments, some or all of the queues oflatency-oriented router 120 may be implemented as two independentqueues, one for latency-critical traffic, and another for “othertraffic”. In some embodiments, each of these queues may use one or moreof AQM algorithms.

In one embodiment, core 210 may include a configurator 240, which storesconfiguration information in persistent storage 217, which may resideoutside of core 210. Upon restarting of latency-oriented router 120, theconfiguration information may be read from storage 217 into configurator240 of core 210. In one embodiment, configurator 240 may be controlledby an HTTP server 206. In another embodiment, configurator 240 may becontrolled by a Bluetooth module. In yet another embodiment,configurator 240 may be controlled by other devices to generate theconfiguration information. The generated configuration information fromconfigurator 240 may be used by some or all the other modules of core210.

In some embodiments, latency-oriented router 120 may implement the UPnPprotocol and/or the Internet Gateway Device (IGD) protocol. In someembodiments, these protocols may be implemented as a part of (and/orcommunicating with) configurator 240, which may in turn facilitatedynamic port forwarding.

In some embodiments, latency-oriented router 120 may implement the IEEE802.11e standard, Wi-Fi Multimedia (WMM), and/or Wireless MultimediaExtensions (WME).

In some embodiments, latency-oriented router 120 may include anauthenticator 282 (not shown)—for example, between interface 204 andincoming detector 230. The authenticator 282 may be used, for example,to facilitate authentication for the router-to-router communication asshown in FIG. 1I.

In one embodiment, latency-oriented router 120 may be implemented as aseparate computer running appropriate software. For example,latency-oriented router 120 may be implemented as an application runningon a device with an operating system such as a PC, server, desktop,laptop, tablet, smartphone, or a single-board computer (such asRaspberry Pi or BeagleBone). In such an implementation, thelatency-oriented router 120 may use one or more APIs (for example,latency-oriented router 120 may use Berkeley sockets API, including butnot limited to, SOCK_RAW or SOCK_DGRAM sockets) to receive and senddata. These APIs may be provided, for example, by the operating systemand/or by third-party applications and/or drivers.

In some embodiments, latency-oriented router 120 may be implemented as astandalone device specially constructed for its purpose serving as alatency-oriented router. For example, latency-oriented router 120 mayinclude a MCU or CPU, and other components supporting thefunctionalities of the MCU or CPU.

In some embodiments, latency-oriented router 120 may be implemented asone or more software module(s) running on one of user devices 110. Forexample, latency-oriented router 120 may use “network filter drivers” orequivalent (such as netfilter module for Linux or Network KernelExtension for Mac OS), or any other technique used to implement VPN, tointercept traffic and process it before sending it out. An example of anembodiment which uses such an implementation of the latency-orientedrouter 120, is shown in FIG. 1F.

In one embodiment, packets from interface 202 may arrive at core 210,where they may be directed to outgoing detector 220 for furtherprocessing. Outgoing detector 220 may detect whether the received packetbelongs to latency-critical traffic, such as traffic originated fromVoIP, streaming media or game applications. Alternatively, outgoingdetector 220 may detect that the packet belongs to other, nonlatency-critical traffic such as HTTP(S) download or torrent traffic.

In some embodiments, outgoing detector 220 may detect latency-criticalpackets by analyzing one or more of the packet fields. For example, theoutgoing detector 220 may analyze the “protocol” field within an IPpacket and/or a “port number” field for a respective protocol todetermine the type of traffic. For example, an IP packet withprotocol=UDP and UDP port in the range from 5000 to 5500, may indicateLeague of Legends game traffic and outgoing detector 220 may detect thistraffic as latency-critical. In other embodiments, thisinformation—e.g., the “protocol” and “port number” fields—may need to becombined with other information to identify the traffic reliably.

In some embodiments, outgoing detector 220 and/or incoming detector 230may implement an analysis of foreign IP addresses. For example, withrespect to outgoing traffic, the outgoing detector may use the target IPaddress as the “foreign” IP address, and with respect to incomingtraffic, the incoming detector 230 may use the source IP address as the“foreign” IP address. In one non-limiting example, if a “foreign” IPaddress is associated with an Autonomous System (“AS”) belonging to RiotGames, this “foreign” IP address may indicate League of Legends traffic.In this example, the check “whether IP belongs to AS”, which istypically used by servers of certain games may be implemented, forexample, by storing a table of AS entries “of interest” within thelatency-oriented router 120 itself (this information can be derived fromnetmask-to-ASN and/or ASN-to-owner tables which can be obtained, forexample, by making an “MRT dump” (or using any other export mechanism)from certain “border” routers), or by storing netmask-to-ASN andASN-to-owner tables themselves, or by performing an external request(for example, to an external server, including, but not limited to, aspecial server which is set up for this purpose, and/or a WhoIs server).In some embodiments, the table of AS entries “of interest” may beimplemented as a list, with each entry describing an “app type”, andcontaining one or more of IP ranges “of interest”. In one embodiment,the “app type” entry in the list may further contain one or more entriesidentifying ports “of interest”, and/or other information which mayallow further classification of the traffic. In some embodiments, IPranges “of interest” may be derived from netmask-to-ASN and/orASN-to-owner tables.

In another non-limiting example, latency-oriented router 120 may use“reverse DNS lookup” on “foreign” IP address, and pass this informationto detector 220, which may then check for typical patterns within thestring returned by “reverse DNS lookup”. In some embodiments, outgoingdetector 220 may perform a regular expression match to check if thestring returned by reverse-DNS-lookup matches a regular expressionpattern (e.g., *riotgames*). In some embodiments, this pattern match maybe made case-insensitive. In other embodiments, the string returned byreverse-DNS-lookup may be parsed to extract the domain name out of it,and the domain name may be subsequently compared to a pre-defined one(e.g., “riotgames.com”). In some embodiments, this comparison may beperformed in a case-insensitive manner.

In some embodiments, outgoing detector 220 may analyze the DifferentialServices Field within the IP header (such as an IPv4 header or an IPv6header) and, in particular, the DSCP portion of the field (as defined inRFC2474, the entirety of which is incorporated herein by reference). Insome embodiments, any packet in which the value of the DSCP field is notequal to “DF” (also known as “CS0” with a binary value of 000000) or“CS1” (binary value 001000)—as defined, for example, in RFC4594 and/orRFC5865, the entirety of both of which is incorporated herein byreference—may be determined to belong to latency-critical traffic. Insome other embodiments, any packet in which the value of the DSCP fieldis equal to “C53” (binary value 011000), “C54” (binary value 100000),“CS5” (binary value 101000) and/or “EF” (binary value 101110) may bedetermined to belong to latency-critical traffic.

In some embodiments, outgoing detector 220 may use WMM, WME, and/or802.11e “access category” to determine whether the packet belongs to“latency-critical traffic”. In some embodiments, if the packet belongs,for example, to an AC_VO or AC_VI “access category”, it may berecognized as a “latency-critical packet”.

In some embodiments, outgoing detector 220 may analyze packets which areidentified by certain fields within the packet (for example, by (sourceIP, source_port, target_IP, target_port) tuple), and may decide whetherthe packet belongs to “latency-critical traffic” based on such analysis.For example, outgoing detector 220 may look for packets with the same(source_IP,source_port,target_IP,target_port) tuple, and if such packetsare small for the respective interface (for example, less than a maximumtransmission unit (“MTU”) and/or less than a predefined threshold),and/or have small typical time-intervals between them (for example, lessthan 100 or 200 ms), then such packets may be considered aslatency-critical. In some embodiments, the criteria may be adjusted toanalyze low average traffic (such as less than 100 or 200 Kbit/s),combined with small typical time intervals between the packets. For easeof reference, this technique may be referred to as “ad-hoclatency-critical detection”. In some embodiments, “ad-hoclatency-critical detection” latency-critical sessions may be droppedwhen a pre-defined time threshold is reached (for example, “severalseconds”) without communications over the session.

In some of embodiments with “ad-hoc latency-critical detection”, “ad-hoclatency-critical detection” may lead to the existing communicationsession changing its status from “other traffic” to “latency-criticaltraffic” while the session is already in progress. In such scenarios, itmay be undesirable to use all the latency-improving features for packetsthat belong to such sessions; in particular, proxy-related features maybe undesirable for such sessions. In some embodiments, otherlatency-improving features (for example, DSCP modification, “timeslots”, and “suppression” of “other traffic”) may be still applicable tosuch sessions.

In some embodiments, latency-oriented router may store information aboutsuch “ad-hoc latency-critical detection” sessions (for example, as(target IP, target_port), or (ASN-of-target_IP, target_port)), and usethis information to determine whether the session is latency-criticalfor new sessions (i.e., created after this information is stored).Information may be stored, for example, in RAM, or in non-volatilestorage such as storage 217. In some embodiments, such information-baseddetermination may allow identification of the session aslatency-critical from the very beginning of the session (and withoutusing ad-hoc detection mechanisms) which, in turn, may allow use of allthe latency-improving features for such sessions (includingproxy-related features).

In some embodiments, information about “ad-hoc latency-criticaldetection” sessions may be communicated to a latency-oriented proxy 121(or to any other proxy, or an external server). In some embodiments,such information may be communicated after permission from the user toshare this information is obtained (for example, via Configurator 240).In some embodiments, such information may be used by developers toimprove the latency-oriented router 120. In one example, statistics onsuch ad-hoc latency-critical sessions may be used to determine thelatency-critical applications used by client devices 110 (and/or thepopularity of such applications), which may lead to implementing supportfor another application type. In another example, information on suchad-hoc latency-critical sessions may allow detection of region-specificor ISP-specific behavior of certain latency-critical applications.

In some embodiments, the methods described above can be combined. Forexample, if an incoming packet has protocol=UDP and the UDP port is inthe range from 5000 to 5500, or the incoming packet has a “foreign” IPaddress that belongs to an AS that originated from Riot Games, or astring is returned by reverse-DNS-lookup that matches(case-insensitively) regular expression pattern “*riotgames*”, then theoutgoing detector 220 may decide that the packet belongs to a League ofLegends client time-critical traffic.

In still other embodiments, outgoing detector 220 may perform ananalysis of packet format; information from such analysis may be usedalone, or together with some or all of other methods described above.For example, if the packet has protocol=UDP, and a port which mayindicate two different applications A and B, then the outgoing detector220 may check whether the packet format complies with packet format ofapplication A and/or with packet format of application B, and use thisinformation to make relevant determinations.

In some embodiments, in addition to information that “this packetbelongs to latency-critical traffic”, outgoing detector 220 mayadditionally provide information about the “app type” to which thepacket belongs. In one non-limiting example, if some of the exemplarychecks above succeeded for a packet, outgoing detector 220 may reportthat “app type” is “‘League of Legends’ client traffic”. In anothernon-limiting example, “app type” may be “Skype VoIP traffic”. In someembodiments, “app type” may contain additional information associatedwith this type of traffic, such as “expected packet rate”, or “list ofpreferred proxies”.

In some embodiments, outgoing detector 220 may additionally implementdetection and/or creation/destruction of the “latency-critical sessions”for latency-critical traffic. In some embodiments, such“latency-critical sessions” may also be used to facilitate detectionand/or modification of the incoming traffic (as described for incomingdetector 230 and deduplicator 260).

In one example, “latency-critical session” may start (and/or be created)when a UDP packet arrives; at this point, outgoing detector 220 maystore information about source_IP, source_port, target_IP, and/ortarget_port from the packet and associate the future packets with thesession when the future packets arrive with these attributes. In someembodiments, a session may end (and/or be destroyed) after a certainamount of time has passed without further receiving any packetsbelonging to the session (with typical timeout values, for example,being between 0.1s and 60s). Alternatively, timeout may be configurableand/or may depend on the “app type” of the latency-critical traffic. Insome embodiments, only packets coming in one direction may count to keepthe session alive (i.e., to prevent session end and/or destruction). Forexample, only packets coming from interface 202, or only packets comingfrom interface 204 (e.g., as reported by incoming detector 230) maycount to keep the session alive. In other embodiments, packets coming inboth directions (both from interface 202 and interface 204) may count tokeep the session alive.

Still alternatively, if latency-critical traffic is going over TCP, theTCP connection may be used as a session (for example, using mechanism(s)similar to that described above for UDP, or with additional analysis ofTCP-specific packet fields such as SYN/FIN flags to determine the startand the end of the session more reliably).

In some embodiments, “latency-critical sessions” may be detected/createdusing any of the existing techniques for starting/ending network addresstranslation (“NAT”) sessions (such as techniques described in RFC2663,RFC3022, RFC4787 and/or RFC5382). In some embodiments, “latency-criticalsessions” may be created using “port forwarding” and/or “static NAT” or“static mapping”; information, necessary to create these sessions may betaken, for example, from configurator 240.

In some embodiments, outgoing detector 220 may, when passing alatency-critical packet to duplicator 250, additionally provideinformation about the latency-critical session associated with thispacket. In some embodiments, outgoing detector 220 may provideadditional information associated with the latency-critical session,which may include, for example, “detected packet rate” (such as,measured over the last NN seconds, wherein NN is a specific,predetermined or configurable period of time). In another example, thelatency-critical session may include information about the sessionproxy. In some embodiments, such session proxy information may becalculated by other components of the latency-critical router 120, suchas duplicator 250.

In some embodiments, the information about the “app type” may bemaintained and/or reported on per-latency-critical-session basis insteadof, or in addition to, reporting on per-packet basis as described above.

In some embodiments, outgoing detector 220 may additionally provideinformation on whether currently there is latency-critical traffic (forexample, to outgoing traffic controller 270). Such detection may be, forexample, implemented based on a parameter such aslast-time-when-latency-critical-packet-has-been-observed (either in onedirection, or in any direction). The latency-critical traffic inincoming direction may be, for example, reported by incoming detector230. For example, if it is determined that the last time that alatency-critical-packet was observed was more than D seconds ago,outgoing detector 220 may report that there is no currentlatency-critical traffic. The typical values for D may be between 0.1sand 60s. In some embodiments, values of D may be different for different“app types”, and/or configurable via configurator 240.

Alternatively, detection of the current latency-critical traffic may bebased on detection of the “latency-critical sessions” as describedabove. In one embodiment, outgoing detector 220 may report that there iscurrent latency-critical traffic if there is at least one“latency-critical session” in progress. In some embodiments, detectionof “latency-critical sessions” and/or “current latency-critical traffic”may be implemented within other parts of the system, such as withinduplicator 250 and/or within incoming detector 230. Combinations of thedetection methods described above are also within the scope of thepresent disclosure.

In some embodiments, some or all of the functionality related todetection, creation, maintenance, and destruction of latency-criticalsessions, may be implemented as a “session keeper” component (notshown). This component may be a part of the outgoing detector 220, ormay be implemented as a separate component (for example, within core210). In some embodiments, the same or similar “session keeper”component may be re-used to implement some or all of the othersession-related components such as incoming detector 230, sessiontracker 284, and/or session selector 286.

In one embodiment, latency-critical traffic may be directed toduplicator 250, where duplicator 250 may duplicate the packet and sendit to several interfaces 204. In some embodiments, zero or more copiesmay be sent to each of the interfaces 204. In one non-limiting example,duplicating may include sending one or more copies of the packet to eachof the interfaces 204. Alternatively, duplicator 250 may duplicate thepacket into one or more copies, and transmit them to the same interface204 (for example, according to configuration information obtained fromconfigurator 240). In another embodiment, duplicator 250 may send two ormore copies into each of the interfaces 204.

In some embodiments, packet duplication may be generalized to “RedundantArrays of Inexpensive Connections” (RAIC), with the concept beingsimilar in nature to Redundant Arrays of Inexpensive Disks (RAID). Forexample, simple duplication as described above (and correspondingdeduplication as described with respect to deduplicator 260 and/or 262),may be seen as a simple mirror (RAIC-1, with the concept being similarto that of RAID-1). In some embodiments, RAIC-5 (with the concept beingsimilar to that of RAID-5) may be used. For example, if there are threeinterfaces and/or connections between sides of the communication (suchas latency-oriented router 120 and latency-oriented proxy 121; twolatency-oriented routers 120; or any other combination of routers andproxies), then the packet may be split into two parts (A and B) of thesame size. If the size of the packet is not divisible by two, paddingmay be used to make the size of the packet equivalent prior tosplitting. Then duplicator 250 may send several “split-copies”:split-copy #1 containing A to interface #1, split-copy #2 containing Bto interface #2, and split-copy #3 containing A{circumflex over ( )}B tointerface #3 (where ‘{circumflex over ( )}’ denotes ‘xor’, i.e.,“exclusive or”). Deduplicator 260 and/or 262 may then be able to restorethe whole packet as soon as any two of these three split-copies havebeen received. More specifically, if split-copy #1 is missing, then Acan be restored as splitcopy_3{circumflex over ( )}splitcopy_2; ifsplit-copy #2 is missing, then B can be restored assplitcopy_3{circumflex over ( )}splitcopy_1; and if split-copy #3 ismissing, both A and B are already available so the packet can bereassembled from splitcopy_1 and splitcopy_2. In some embodiments, threeinterfaces and/or connections may be further generalized to four or moreinterfaces and/or connections. For example, on a sending side, fourinterfaces may be supported as splitting the packet into three parts (A,B, and C), and sending four split-copies: splitcopy_1=A, splitcopy_2=B,splitcopy_3=C, and splitcopy_4=A{circumflex over ( )}B{circumflex over( )}C. On the receiving side if, for example, splitcopy_1 is lost, thenA can be restored as splitcopy_4{circumflex over( )}splitcopy_3{circumflex over ( )}splitcopy_2.

In some embodiments, RAIC-6 may be used with one of the algorithms thatare normally used for RAID-6 (for example, using syndrome calculationand restore algorithm.) RAID-6 and its associated algorithms are knownto those of ordinary skill in the art and are described in more detailin publications such as (the entirety of each of which is incorporatedherein by reference): “The RAID-6 Liber8tion Code,” James S. Plank,International Journal of High Performance Computing Applications (Jun.2, 2009); “P-Code: A New RAID-6 Code With Optimal Properties,” Chao Jinet al., Proceedings of the 23^(rd) International Conference onSupercomputing, at 360-369 (2009); “Minimum Density RAID-6 Codes,” JamesS. Plank et al., ACM Transactions on Storage, Vol. 6, Issue 4, ArticleNo. 16 (May 2011). Using RAIC-6 may allow restoring the packet as soonas all-but-two of the split-copies of the packet are received.

In some embodiments, RAIC (including, but not limited to, RAIC-1, RAIC-5and RAIC-6) may be used when only one interface is used. In such case,duplication packets over the same interface, as described above withrespect to duplicator 250 and which may include delaying some of thecopies, may be seen as an implementation of RAIC-1. In some embodiments,as described above with respect to sending copies and duplicator 250,one packet may be split into three split_copies, which split_copies maybe sent over the same interface in a manner similar to RAIC-5. Uponreceipt of any two of split_copies, the receiving side of communication(for example, deduplicator 260) may restore the original packet in amanner described above. RAIC-6 may be used over a single interface in asimilar manner. In some embodiments, N split_copies may be sent over Mdifferent interfaces, where M and N are integers. In one non-limitingexample, two of the split_copies may be sent to interface #1, and two ofthe split_copies may be sent to interface #2.

In some embodiments, RAIC may be used together with “X-Fragmentation”.For example, a packet may be split by “X-Fragmentation” into N segmentsof roughly the same size, which segments may be then encoded into Msplit_copies, where M may be equal to N+1 for RAIC-5, and M may be equalto N+2 for RAIC-6. Such split_copies may then be then sent as describedwith respect to “X-Fragmentation”. In one non-limiting example, if anoriginal packet has a payload size of 500 bytes, it may be split intofive copies each having a payload size of 100 bytes. Six split_copies(100 bytes each) may be produced out of the five original split_copies,where the sixth copy is an ‘xor’ of the other five in order to makeRAIC-5. Then all six split_copies may be sent over the same interface orover different interfaces. Delivery of any five of the six split_copiesmay be sufficient to reconstruct the original packet. A similar approachmay be used for RAIC-6, in which N+2 split_copies are produced, andreconstruction of the original packet may be possible upon delivery ofany N of the N+2 split_copies.

In some embodiments, a variation of RAIC, referred to herein asRedundant Arrays of Inexpensive Connections Time-based (RAICT), may beused. RAICT may apply techniques similar to that of RAIC, but todistinct packets in the packet sequence instead of just one packet. Inone non-limiting example, each packet from a packet sequence may be senttwice: once as-is, and once ‘xor’ed with a previous packet. One of thepackets may need to be padded to achieve the same length as the otherpacket. Thus, if packet A needs to be sent, it is sent as twosplit_copies: the first split_copy may be equal to “A{circumflex over( )}packet before A”, and the second split_copy may be equal to A. If Ais the very first packet in the packet sequence, packet_before_A may beconsidered a well-known constant, such as zero. When next packet B needsto be sent, split_copies “B{circumflex over ( )}A” and “B” may be sent;when next packet C needs to be sent, split_copies “C{circumflex over( )}B” and “C” may be sent; and so on. On the receiving side ofcommunication, even if both split_copies from any of the packets aremissing, the packet may still be reconstructable from subsequentpackets. In some embodiments, the method above may be generalized tomore than two split_copies sent for each of the packets. For example,when four split_copies are used per packet, packet D may be sent as foursplit_copies: “D{circumflex over ( )}A”, “D{circumflex over ( )}B”,“D{circumflex over ( )}C” and “D”, which may allow for recovery frombursts of packet losses.

In some embodiments, RAIC split-copies may be further duplicated. Insome embodiments, packet duplication may be performed together with oneor more proxying techniques (such as the proxying techniques describedbelow). In some other embodiments, packet duplication may be performedwithout proxying techniques. In some of the packet duplicatingembodiments without proxying techniques it may lead to more than onecopy of the packet arriving to the server 180, and server 180 may ignoresome or all such duplicates.

In some embodiments, when sending one or more of the packet copies toone or more of interfaces 204, duplicator 250 may modify the respectivecopy by adding authentication data, which may be one or more ofclient_ID, auth_token, Message Authentication Code (“MAC”), and/orsignature fields (for example, as one of (client_ID, auth_token),(client_ID, MAC), or (client_ID, signature) tuples). Exemplary handlingof these tuples is described with respect to authenticator 282 shown inFIG. 2B. According to some embodiments, the MAC field, if present, maycontain a MAC for the packet (and/or a part of the packet, including,but not limited to, packet body) either from MAC algorithms (such asOne-key MAC (“OMAC”), Hash-based MAC (“HMAC”), or Poly1305), or fromAuthenticated Encryption with Associated Data (“AEAD”) algorithms (suchas Encrypt-then-MAC, MAC-then-Encrypt, Encrypt-and-MAC, EAX, Counterwith CBC MAC (“CCM”), OCB, Chacha20-Poly1305, or various forms ofGalois/Counter Mode (“GCM”) including, but not limited to, AES-GCM),using a secret key. Such a secret key may be, for example, pre-sharedwith both the latency-oriented router and the latency-oriented proxy(and may be, for example, issued on per-user,per-latency-oriented-router, and/or on per-latency-oriented-proxybasis).

In some embodiments, MAC and/or AEAD may use nonce(s) within packets toprevent replay attacks. In some embodiments, a separate nonce field,incremented for each packet by the sender, may be used. In some otherembodiments, a packet_ID field (for example, an added field as describedwith respect to duplicator 250 or existing_packet_ID) may be used assuch nonce(s). In one non-limiting example, AEAD may be used, andpacket_ID may be passed in plain (without being encrypted), with therest of the packet encrypted using a secret key, and using packet_ID asan AEAD nonce. In another non-limiting example, MAC may be used, andpacket_ID may be a part of the packet, with the whole packet beingauthenticated by MAC. In some embodiments, on receiving side of thecommunication, the nonce (including, but not limited to, packet_ID) maybe used to ensure that each packet is delivered only once (which mayeffectively eliminate replay attacks). In some embodiments, methodssimilar to that described with respect to deduplication (including, butnot limited to, last_packet_ID and/or bit mask(s) and/or list(s) ofreceived packet_IDs) may be used to ensure that each packet is deliverednot more than once.

In other embodiments, the signature field, if present, may be anasymmetric algorithm (such as RSA or elliptic curve) signature for thepacket using a private key PR (such a private key may be stored, forexample, within the latency-oriented router 120). The public keycorresponding to the private key PR may be, for example, shared with thelatency-oriented proxy 121. In some embodiment, adding additional fieldsto the respective copy may be implemented, for example, by “wrapping”the original packet (or original packet body) inside of new packet (ornew packet body), with additional fields within the “new” packet (orpacket body). In some embodiments, the client_ID field may be skippedfor the rest of the latency-critical session as soon as anacknowledgement that the client_ID has been received for this session,arrives from the other side of the connection.

In some embodiments, even if authentication data is not provided,duplicator 250 may still encrypt the packet body (and/or a part ofpacket body) using a secret key and/or a private key. In someembodiments, calculation of authentication data and/or encryption may beperformed after all the other packet modifications (or packet bodymodifications) are completed.

In some embodiments, when sending one or more of the packet copies toone or more of interfaces 204, duplicator 250 may modify the respectivecopy(ies) of the packet to provide NAT-like behavior. For ease ofreference, such a modification may be referred to as “NAT-liketranslation”. In one example, the source IP of the copy may be changedto match the IP address associated with the interface 204 where the copyis to be sent. In some embodiments, the source port (such as UDP port orTCP port) may be modified (for example, to use a port number that iscurrently unused for the modified-source-IP address), so that trafficreturning back to the modified (source-IP, source-port) pair can beeasily distinguished from all the other traffic. In some furtherembodiments, information (which, for ease of reference, may be referredto as “NAT-like translation data”) may be associated with thecorresponding “latency-critical session”, to facilitate “reverseNAT-like translation” as described with regards to deduplicator 260. Insome embodiments, this “NAT-like translation data” may be implemented as(source_IP, source_port) pair, which is associated with thelatency-critical session.

In some other embodiments, the IP packet may be modified using one ormore of the techniques described in RFC2663, RFC3022, RFC4787 and/orRFC5382. These techniques may include, but are not limited to, networkaddress port translation (“NAPT”).

In some embodiments, “NAT-like translation” may include adding a “VPORT”field, value of which may represent a “virtual port” which is assignedto this session_ID (using, for example, any still-unused-VPORT, and/ortechniques for port selection used in NAPT). In some embodiments, this“VPORT” may be a purely virtual port, without processing of any packetscoming directly to this port. In particular, VPORT may be of interest inembodiments such as those shown in FIG. 1I.

In some embodiments, when sending one or more of the packet copies toone or more of interfaces 204, each of the copy(ies) may be modified toensure that it reaches the latency-oriented proxy 121. For ease ofreference, such a modification may be referred to as “proxytranslation”. In one embodiment, the target IP of each copy may bechanged to one of the IP addresses of the latency-oriented proxy 121.Additionally, the target port (such as the UDP port or the TCP port) maybe modified to use a port number reserved for latency-critical trafficby the latency-oriented proxy 121. In another embodiment, in addition tomodifying the target IP address, a session_ID field (representing a“latency-critical session”) may be added to each copy by, for example,“wrapping” the original packet (or original packet body) inside of newpacket (or new packet body) and adding a session_ID field within “new”packet (or packet body). In some embodiments, when duplicator 250 is acomponent of the latency-oriented router 120, this will facilitate usingthe same port on the latency-oriented proxy, for packets received formultiple sessions from the same latency-oriented router. In otherembodiments, the logic above may be used in the latency-oriented proxyusing the duplicator 252. In other words, the latency-oriented proxy 121and its duplicator 252 may use the session_ID field to facilitate usingthe same port of the latency-oriented router for communicating withmultiple sessions coming from the same latency-oriented proxy.

In some embodiments, “proxy translation” may include modifying thepacket to include a proxy_target_IP field (and/or a proxy_target_portfield). For example, the field can be added by “wrapping” the originalpacket (or original packet body) inside of a new packet (or new packetbody), with an additional proxy_target_IP field and/or proxy_target_portfield included within the “new” packet (or packet body). In some furtherembodiments, the proxy_target_IP field and/or the proxy_target_portfield may be skipped for the rest of the latency-critical session assoon as an acknowledgement arrives from the other side of the connectionthat the proxy_target_IP and/or proxy_target_port field has beenreceived for this session. Such an acknowledgement may be sent as aseparate packet, or as a field within existing packets.

In some embodiments, the target_IP addresses and/or ports for “proxytranslation” may be different for different interfaces 204. In otherembodiments, some or all of the interfaces 204 may be “virtualinterfaces”. In such an embodiment, while all (or some) of the virtualinterfaces may have the same underlying physical interface 204, eachvirtual interface may have its own target-IP and/or target-port fields,and may replace the target_IP addresses and/or ports of the packets sentthrough the “virtual interface”, with its own target-IP and/ortarget-port fields. Such “virtual interfaces” may be particularly usefulin embodiments in which the “virtual interfaces” are used as a part ofduplicator 252 which may form a part of latency-oriented proxy 121,where latency-oriented proxy 121 has only one interface 204. Such“virtual interfaces” are also particularly useful for any embodiment inwhich the same physical interface is used to implement interface(s) 202and 204.

In some embodiments, whether and/or how “proxy translation” is performedmay depend on the target_IP field of the packet, the “app type”information, and/or information about the “latency-critical sessionassociated with current packet”. In one non-limiting example, if the“app type” has an associated list of preferred proxies, then “proxytranslation” may pick one of these preferred proxies from the list. Inanother non-limiting example, if there is more than one preferred proxyin the list of preferred proxies, the proxy to be used for translationmay be selected as follows: (a) if there is a “session proxy” associatedwith the latency-critical session for the current packet, then the proxyassociated with that session may be used; (b) if there is no such proxy,then a proxy from the list may be selected and set as the “sessionproxy” for the latency-critical session based on, for example, on theround-trip times of the most recent pings (or other similar packetexchanges). In another example, selecting a proxy from the list mayinclude an information exchange with each proxy from the list ofpreferred proxies. Such an information exchange may include requesting acurrent roundtrip trip time (current_RTT) from the proxy to the targetserver, receiving the current_RTT from the proxy to the target server(and also optionally receiving the time spent on the proxy beforereplying), and calculating the current_latency_via_this_proxy as equalto the time from sending the request to receiving the reply+(current_RTTfrom the proxy to the target server—the time spent on the proxy beforereplying). In some embodiments, these exchanges may be performed inadvance with the results saved or cached for later use. Once thecurrent_latency_via_this_proxy is determined for each of the preferredproxies, in one embodiment, the proxy with the lowestcurrent_latency_via_this_proxy may be selected.

“Proxy translation” may be performed instead of, or in addition to, the“NAT-like translation” described above. In some embodiments, “proxytranslation data” may be stored by duplicator 250. For example, theduplicator 250 may store multiple records, with each record containing(source_IP, source_port, target_IP, target_port). Alternatively, oradditionally, the duplicator 250 may store (session_ID, target_IP,target_port). It is to be noted that any superset of these fields mayalso be stored. It is further to be understood that session_ID refers tothe ID of the latency-critical session, and this session_ID may be usedby other components of the system (for example, by deduplicator 260).

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, traditional IP fragmentation (forexample, based on MTU of the interface) may be performed. In someembodiments, when sending one or more copies of the packet to one ormore of the physical (i.e., non-virtual) interfaces 204, additionalinformation may be added to the header (according to the logic of therespective underlying layer), and the packet may then betransferred/transmitted over respective physical media. These mayinclude, for example, adding Ethernet MAC headers and transferring overEthernet PHY or Wi-Fi PHY, adding Point to Point Protocol over ATM(“PPPoA”) headers and transferring over ATM, and so on.

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the duplicator 250 may modify all or someof the copies of the packets by modifying the Differential Services(DiffServ) Field within the IP header (such as IPv4 header or IPv6header) and, in particular, the DSCP portion of the field (for example,as defined in RFC2474). In some embodiments, the DSCP field can bemodified to indicate that DSCP is equal to “CS3” (binary value 011000),“CS4” (binary value 100000), “CS5” (binary value 101000), or “EF”(binary value 101110), (as defined, for example, in RFC4594 and/orRFC5865) (for ease of reference, these values may be referred to as“high-priority DSCP values”).

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the duplicator 250 may use EnhancedDistributed Channel Access (“EDCA”) and/or HCF Controlled Channel Access(“HCCA”), using access class of AC_VO or AC_VI for the latency-criticalpackets. This may be of specific interest in configurations such asthose shown in FIG. 1F and/or FIG. 1G.

In some embodiments, the number of DSCP modifications may berate-limited. This may be useful, for example, to avoid excessive numberof DSCP packets leading to DSCP being ignored as a result of “edgeconditioning”. If a rate limit on DSCP modifications is implemented, itmay be, for example, a limit on bandwidth taken by DSCP packets comparedto channel bandwidth (for example, DSCP packets may be limited to anumber from 5% to 20% of channel bandwidth), and/or a limit on abandwidth taken by DSCP packets (for example, taken from configurator240), and/or a limit on number of DSCP packets per second, or any otherlimit of similar nature. In some embodiments, these limits may beenforced for the whole latency-oriented router 120 (for example, byavoiding DSCP modifications and/or forcing DSCP to values such as DF(binary 000000) or CS1 (binary 001000)—which for ease of reference maybe referred to as “low-priority DSCP values”. In some embodiments, theselimits may be enforced on a per-interface basis. In some embodiments,these limits may be enforced in a way that packets belonging to somelatency-critical sessions have DSCP modified to high-priority DSCPvalues, and packets belonging to some other latency-critical sessionshave DSCP unmodified or modified to low-priority DSCP values.

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the duplicator 250 may compress thepacket (and/or a part of the packet, including, but not limited to,packet body). Any compression algorithm may be used, including, but notlimited to, LZ77, Huffman coding, deflate, bzip2, LZHL (as described,for example, in Sergey Ignatchenko, “An Algorithm for Online DataCompression”, C/C++ Users Journal, Volume 16, Number 10 (October 1998),which is incorporated by reference herein in its entirety), and anycombination of these or any other compression algorithms, known now ordeveloped in the future.

In some embodiments, the compression used for the packets belonging tocertain latency-critical session may depend on the “app type” associatedwith this latency-critical session. In some embodiments, suchapp-specific compression may use knowledge about the structure of theapp-specific packet. In one non-limiting example, such an app-specificcompression may use information that at a certain offset within certaintype of app-specific packet (or at any other position which may beobtained by parsing the packet), there is a field which may have certainspecific meaning (for example, an enum field, such as “NPC state” field,which for the purposes of this example may take only 5 differentvalues). To compress such a field in such a non-limiting example in alossless manner, the app-specific compression may represent the fieldwith 3 bits. In another non-limiting example, statistics on the valuesof this field encountered while the game is played (and/or valuefrequency tables obtained from this statistics) may be used to generatea Huffman encoding for this field. Then this Huffman encoding may beused to encode this field with different number of bits depending on thespecific value (in one non-limiting example, the most frequent value outof the 5 possible ones may be encoded with 1 bit ‘0’, and remaining 4values may be encoded with 3 bits taking values ‘100’ to ‘111’). In someother embodiments, arithmetic encoding may be used instead of Huffmanencoding. It should be noted that such techniques are not limited toenum fields, and may be applied to any type of field.

In some embodiments, some of the fields may be compressed and some maybe left uncompressed (and may be transferred verbatim). In someembodiments, some of the fields may be split into two parts—compressedand uncompressed. In one example, a few high bits of a certain field(for example, representing a coordinate) may be seen as a sub-fieldwhich may be compressed using Huffman encoding, while the rest of thebits may be transferred verbatim.

In some embodiments, app-specific compression may use lossy compressiontechniques. In one non-limiting example, if the packet is known tocontain an 8-byte (64-bit) double field or 4-byte (32-bit) float fieldwhich contains a value of an angle (which angle may be known to be usedonly for rendering purposes by receiving side of communication),app-specific compression may transfer it as a fixed-point value of onlya few bits long (for example—8 to 10 bits).

In some embodiments, app-specific compression may involve an“incremental compression”, whereby the compression may refer to or relyon previously sent packets. This reference to previously sent packetsmay facilitate “incremental” compression techniques such as or similarto LZ77 and/or compression techniques using “delta compression”. In someembodiments, such “incremental” compression techniques may use areference to a packet with packet_ID=X. For example, LZ77 may refer toan “offset Z within packet X”, and “delta compression” may use packet Xas a reference packet. In one example, compressed packet Y based onpacket X may say that “nothing has changed since packet X” for a certainfield or several fields; in another example, compressed packet Y may saythat “this field has changed by increment DELTA since packet X”. Ifpacket-based communication (such as UDP packets) is used between theparties, then the protocol between the communicating parties may alsoinclude a field “packet_ID_ACK”, which may be filled by the other sideof communication to a value of the last packet received. Upon receivingsuch packet_ID_ACK, compression technique may use the value of thispacket_ID_ACK as an indication that the other side already has thispacket_ID_ACK, and may use this packet_ID_ACK as a reference packet Xfor compression purposes. If a reliable stream communication (such asTCP or TLS-over-TCP) communication is used between the parties, then anoffset within the stream (for example, from the very beginning, or fromcurrent position) may be used to refer to older values, instead ofpacket X. In such cases, it may be assumed that by the time when thenext portion of the stream is received, all the previous data within thestream has also been received (and may be used for reference in“incremental” compression techniques).

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the duplicator 250 may modify all or someof the copies of the packets by adding one of IP “source route” optionsto IP header (known as loose source and record route (“LSRR”) and strictsource and record route (“SSRR”), as defined, for example, in RFC791,the entirety of which is incorporated herein by reference) and/ormodifying the destination IP field (for ease of reference, this processmay be referred to as “source route modification”). In some embodiments,LSRR/SSRR header may be added with “route data” containing destinationIP field of the packet, and then destination IP field may be modified tocontain a “target” IP address (which may be, for example, one of IPaddresses of the latency-oriented proxy 121). In some embodiments, themodification described above (effectively adding destination IP addressto LSRR/SSRR header, and replacing destination IP address with a“target” IP address), may be repeated more than once to add “preferredroute” to the packet. In some embodiments, “preferred route” may be, forexample, received from the latency-oriented proxy 121 (or from someother server on the Internet), in response to a special “preferred routerequest” coming from the latency-oriented router 120. In otherembodiments, “preferred route” may be associated with “app type”. Insome embodiments, “source route packet modification” may be made before,after, or instead of, “proxy translation” described above. For IPv6packets, IPv6 “routing header” (for example, “Type 0” routing header asdefined in RFC2460, the entirety of which is incorporated herein byreference) can be used to implement “source route modification” in asimilar manner.

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, duplicator 250 may modify each copy ofthe duplicated packets, adding its own field packet_ID to some or eachof the copies it sends to interface 204. This field can be added, forexample, by “wrapping” the original packet (or original packet body)inside of new packet (or new packet body), with an additional packet_IDfield within “new” packet (or packet body). The packet_ID may be, forexample, an integer that is incremented for each packet going to thesame Latency-oriented proxy, and/or for each packet going to the same(target_IP, target_port), and/or for each packet belonging to the same“latency-critical session” as identified by the outgoing detector 220.Such packet modification may be performed either instead of, or inaddition to, other modifications to IP addresses and/or to portsdescribed above.

In other embodiments, for some types of well-known traffic types, it maybe unnecessary for the duplicator 250 to add its own identifier tocopies of the packet, if each incoming packet may already contain anexisting_packet_ID with similar properties, and it is possible toretrieve this existing_packet_ID from the packet. For example, quiteoften UDP packets of game traffic already have an integer field ofwell-known size (for example, located at a pre-defined offset from thepacket start) which is normally incremented by the game client.Alternatively, such an incremented-by-game-client field may be obtainedvia alternative techniques for parsing of a known format including, butnot limited to, descrambling, decompression, variable-length fieldparsing, and fixed-length field parsing. If an identifier representativeof an existing_packet_ID is already present, then for the traffic comingfrom the client, the duplicator 250 may skip adding the identifier, anddeduplicator 260 on the other side of communication may use the existingidentifier from the packet instead.

In some embodiments, before duplication, the packet may be split intoseveral packets (which, for ease of reference, may be referred to as“X-Fragmentation”). In such embodiments, each of the “X-Fragments” mayhave its own packet_ID, plus information necessary to reassemble thepacket on the receiving side (such as the number of current fragments inthe packet and the total number of fragments in the packet). In suchcases, “X-Fragmentation” is different from, and may have a significantadvantage over usual IP-level fragmentation because “X-Fragments” areduplicated and the packet can be reassembled if ANY of the copies of the“X-Fragment” reaches the destination. “X-Fragmentation” has asignificant advantage in probability of packet reassembly on thereceiving side. In one example, if the probability of fragment loss is10%, and two fragments are sent by two interfaces each, traditionalIP-level fragmentation/defragmentation will successfully defragment thepacket ONLY if both fragment are received through interface A or bothfragments are received through interface B. The probability that suchdefragmentation will be successful, and given the assumptions discussedherein, is 1−(1−0.9{circumflex over ( )}2){circumflex over ( )}2 (orapproximately 96%). With “X-Fragmentation”, on the other hand, thepacket can be successfully reassembled even if the first fragment camethrough interface A and the second fragment came through interface B(and vice versa). With “X-Fragmentation”, the probability thatdefragmentation will be successful, and given the assumptions discussedherein, is (1−(1−0.9){circumflex over ( )}2){circumflex over ( )}2 (orapproximately 98%).

In some embodiments, “X-Fragmentation” may be performed by duplicator250 because the original packet is too large compared to the MTU of oneof the interfaces. Unlike traditional IP fragmentation, with“X-Fragmentation”, “X-Fragments” may be created for all the interfaces(even for those where MTU is not exceeded), and the “X-Fragments” forall the interfaces may be the same. This may facilitate “X-Fragment”reassembly advantages as described above.

In some embodiments, “X-Fragmentation” (and/or creating usual IP-levelfragments as described in RFC791) may be performed by duplicator 250 toavoid sending packets larger than a certain threshold, even if thisthreshold is lower than usual MTU limitations. This may improve thechances that the packets pass and/or improve latencies on the waythrough the Internet (based on an observation that certain routers onthe Internet have routing policies to favor small packets). As describedabove, such “size-based forced fragmentation” may start fragmentingpackets even when usual MTU-based fragmentation is not required yet; inother words, “size-based forced fragmentation” may be triggered earlierthan MTU-based fragmentation. In some embodiments, the threshold for“size-based forced fragmentation” may be taken as a constant (withexamples for typical threshold constant values being 200, 100, and 50bytes), or may be obtained via configurator 240. In some otherembodiments, the threshold may depend on “app type”.

In some embodiments, “size-based force fragmentation” may be usedtogether with proxying techniques. In some other embodiments, it may beused without any proxying. The latter may be achieved, for example, byusing usual IP-level fragments as mentioned above.

In some embodiments, duplicator 250 may decide to disallow large packetsinstead of fragmenting them. In one example, if a packet belongs to anapplication that is known to implement Path MTU Discovery (“PMTUD”), andthe IP packet has the “Don't Fragment” flag set, and the size of thecurrent packet is larger than a certain threshold (which may be the sameas, or may be different from, the threshold used for “size-based forcedfragmentation”), duplicator 250 may decide to drop the packet, and issuean Internet Control Message Protocol (“ICMP”) DestinationUnreachable/Datagram too big packet (which may be a standardnotification used for PMTUD purposes, as described, for example, inRFC1191, RFC1981 and/or RFC4821, the entirety of each of which isincorporated herein by reference). In some embodiments, whether anapplication with UDP packets is known to implement PMTUD may be decidedon the basis of a flag associated with the particular “app type”, andall TCP connections may be interpreted as implementing PMTUD. In otherembodiments, whether an application is known to implement PMTUD may bebased on the flag associated with the “app type” of a particular packet,regardless of the protocol.

In some embodiments, duplicator 250 may delay some of the copies, inparticular some of the copies sent over the same interface. In someembodiments, delays may be calculated depending on the “app type” of thelatency-critical traffic (“app type” may be reported by outgoingdetector 220 and may contain parameters such as “expected packet rate”)and/or configuration information from configurator 240. Alternatively,some of the copies may be delayed depending on the “app type” incombination with other factors.

In some further embodiments, the packet copies may be spread evenly overa time period tau. Time period tau may be calculated in a variety ofways, including (by way of non-limiting example) as “expected packetrate” from the “app type”, some function of “expected packet rate”,and/or some function of the “detected packet rate” and the “expectedpacket rate”. When these multiple copies are sent over the sameinterface, especially with delays, the chances that at least one copy isdelivered may be improved.

In one non-limiting example, in the event the outgoing detector 220detects and reports that the packet belongs to a game traffic that isknown to send 50 packets per second (i.e., normally each packet comesevery 20 ms), then the outgoing detector 220 may report “app type” withan “expected packet rate” of 20 ms. In this example, duplicator 250 mayuse configuration information from configurator 240 to send, forexample, 3 copies of each incoming packet to interface 204, and furthertwo copies to interface 204A (not shown). In this non-limiting example,based on the “expected packet rate” of 20 ms, the first copy tointerface 204 may be sent immediately; a second copy to the sameinterface 204 may be delayed by 20/3 ms (or approximately 6.6 ms); and athird copy to the same interface may be delayed by 2*20/3 ms (orapproximately 13.3 ms). Two copies of the incoming packet to interface204A (not shown), may be sent as follows: first copy being sentimmediately; and a second copy being delayed by 20/2 ms (orapproximately 10 ms). A person skilled in the art would appreciate thatthe delayed time periods in this example are selected for illustrationpurpose and are not intended to limit the scope of the disclosure.

In some embodiments, sending some of the copies and/or delays may berelative to the currently processed packet (as described in examplesabove). In some other embodiments, when “app type” for alatency-critical session includes “expected packet rate”, asynchronization technique such as Phase-Locked Loop and/or Delay-LockedLoop may be maintained for a “latency-critical session” and the outputof such synchronization technique(s) may be used for synchronizationpurposes, sending some of the copies and/or delays relatively to theoscillations (which will correspond to “expected packet times”) asreported by the synchronization technique such as Phase-Locked Loopand/or Delay-Locked Loop. In employing such a technique, jitter in theoutgoing copies being sent may be reduced. Such a Phase-Locked Loopand/or Delay-Locked Loop techniques may be implemented either inhardware or in software, or in a combination of both. In someembodiments, “detected packet rate” may be used instead of or inaddition to “expected packet rate”.

In some embodiments, information on “when the next latency-criticalpacket is expected” (referred to as “T_(next)”) may be provided to othercomponents (such as outgoing traffic controller 270). T_(next) may beobtained, for example, by using the delay calculated from “expectedpacket rate” or “detected packet rate” and the last packet received, orbased on synchronization techniques such as Phase-Locked Loop orDelay-Locked Loop. In some embodiments, T_(next) may be a minimum ofsome or all the “next latency-critical expected” estimates for severaldifferent latency-critical sessions.

In some embodiments, duplicator 250 may additionally implement some orall of the functionality which is described with respect to duplicator252. In particular, duplicator 250 may implement “reverse NAT-liketranslation” and/or “reverse proxy translation”. Such implementation maybe used, for example, for the router-to-router communication as shown inFIG. 1I.

In one embodiment, upon the detection by outgoing detector 220 that theincoming packet belongs to “other traffic”, outgoing detector 220 maydirect the packet to outgoing traffic controller 270. In someembodiments, outgoing traffic controller 270 may modify packets toperform “NAT-like translation” and/or one or more of traditional NATtranslation techniques as described in RFC2663, RFC3022, RFC4787 and/orRFC5382. “NAT-like translation” can be implemented, for example, in oneof the ways described for “NAT-like translation” with respect toduplicator 250.

In some embodiments, outgoing traffic controller 270 may implement oneor more of the techniques to reduce the impact of the other traffic onlatency-critical traffic under certain conditions. For the purposes ofthis disclosure, these techniques are collectively named as“suppression” of “other traffic”.

It should be noted that “suppression” techniques as described within thepresent disclosure may be different from “prioritization” techniqueswhich are used, for example, in various Active Queue Managementtechniques (including, but not limited to, RED, CoDel, HTB, CBQ andHFSC). In particular, “prioritization” techniques address determiningwhich packet to push into an interface and, as such, may not allow oraddress dropping packets if/when the respective target interface isavailable for transfer. The “suppression” techniques discussed herein,on the other hand, may allow dropping of packets even if the targetinterface is not in use when the decision to suppress the packet ismade. In an another exemplary difference between “suppression” and“prioritization” techniques, “prioritization” techniques may not takeinto account traffic which goes in the other direction (e.g., packetsmoving from interface 202 to interface 204 may not be affected bytraffic going from interface 204 to interface 202), while “suppression”techniques may take such traffic into account.

According to some embodiments, “suppression” techniques may include“potential issue detection” techniques and “enforcement” techniques.When one or more of “potential issue detection” techniques reports thatthere may be a reason to “suppress” “other traffic”, one or more of the“enforcement” techniques may be invoked.

In some embodiments, “potential issue detection” techniques may includedetecting limits on amount of “other traffic” (and/or “all the trafficcombined”). These limits may be set, for example, as maximum number ofpackets per second, or as maximum number of bits transferred per second(note that instead of “per second”, any other time interval may beused). In some embodiments, these limits may be taken from configurationinformation received from configurator 240. Alternatively, these limitsmay be calculated based on information associated with the interfaces.For example, if one of the interfaces 204 is a relatively slow ADSL, itmay be undesirable to use more than certain percentage of its traffic,such as 50%, while the latency-critical session is in progress. In thisexample, a threshold such as “50%” may be pre-defined for the ADSL, ortaken from configuration information received from configurator 240.Still alternatively, the limits may be obtained both from configurationinformation received from configurator 240 and calculated based oninterface information, and a function (such as a minimal value)calculated based on the these two set of values.

In some embodiments, “potential issue detection technique” may uselimits on a per-connection basis. In one example, a limit of “maximum 1Mbit/s for any of TCP connections, for any of QUIC sessions, and for anyBitTorrent UDP Tracker session” may be used (note that any other maximumrate may also be selected, and also the limit may be different for TCP,QUIC, and BitTorrent).

In some embodiments “potential issue detection” techniques may includedetecting whether there is currently a latency-critical traffic (asreported by outgoing detector 220). In such embodiments, if there is nocurrent latency-critical traffic, all the other “potential issuedetection” techniques may be disabled, with no “enforcement” actionstaken to suppress other traffic. In some embodiments, information aboutthe nature of “app type” of the latency-critical session currently inprogress (as reported by outgoing detector 220) may be used to choose“enforcement action” (or some parameters of “enforcement action”),and/or to affect other “potential issue detection techniques”. Forexample, in one exemplary embodiment, if the VoIP session is inprogress, traffic limits for other potential issue detection techniquesmay be set higher, and “enforcement” action may be limited to droppingnot more than 20% of the packets of the “other traffic”. If on the otherhand, a first-person-shooter game is in progress, traffic limits forother potential issue detection techniques may be set lower, and“enforcement” action may be allowed to drop all the packets necessary toachieve required traffic restrictions. Such configuration informationmay be stored, for example, in storage 217 and controlled byconfigurator 240. Alternatively, this configuration information may be apart of the logic implemented by core 210.

In some embodiments, the following method may be used as one of“potential issue detection” techniques. Latency-oriented router 120 mayrequest one or more of external servers, which may or may not bedirectly involved in any of the communications going over interface 202,to send packets to the latency-oriented router 120 (for example, to sendpackets once or at certain intervals). In some embodiments, “ping” ICMPpackets may be used for this purpose. In other embodiments, UDP packetswith the purpose similar to “ping” may be used. Such packets, uponarrival to interface 204 of the latency-oriented router 120, may be usedto calculate information about the packet loss from these servers (forexample, servers may number the packets as it is common for ‘ping’requests), as one of the indicators of congestion over the incomingchannel. In some further embodiments, special servers may be set up forthis purpose. In some embodiments, round-trip times of such ping and/orping-like packets may be used as an additional “potential issuedetection” technique.

In some embodiments, “measured round-trip time” between latency-orientedrouter 120 and any of the proxies (such as latency-oriented proxy 121,intermediate proxy 122, or simple proxy 124), may be used for one ormore “potential issue detection” techniques. For ease of reference, oneside of the communication may be referred to as side A and another sideof the communication may be referred to as side B. In some of suchembodiments, ICMP pings (or UDP ping-like packets, which may be repliedback by side B of the communication) may be used to calculate round-triptime. In some other embodiments, existing packet exchanges may be usedto calculate round-trip time (which, for ease of reference, may bereferred to as “round-trip piggy-backing”). In one example, some or allof the packets sent by side B of the communication may include twoadditional fields: (a) reference_packet_ID and (b)ΔT_since_reference_packet_ID. The field ΔT_since_reference_packet_ID mayhave a value representing the amount of time that has passed from whenthe reference_packet_ID was received by side B to when the currentpacket was sent by side B to side A, as measured by side B to thecommunication. The measured round-trip time may be determined asT_(recv)−T_(sent)−ΔT_since_reference_packet_ID, wherein T_(sent) is thetime when the original packet X (with a packet_ID=X) was sent by side Aof the communication, T_(recv) is the time when the packet Y (withpacket_ID=Y, reference_packet_ID=X, and ΔT_since_reference_packet_ID) isreceived by side A, ΔT_since_reference_packet_ID is obtained from packetY, and X & Y are generic designators for any packet identifier. BothT_(sent) and T_(recv) may be measured by side A of the communication.Then, statistics on this measured round-trip time may be obtained(including, but not limited to, averages over certain period of time,deviations, changes of the measured round-trip time, averages, anddeviations, and so on).

In some embodiments, measuring “jitter” may be used as one of “potentialissue detection” techniques. For example, if latency-oriented router 120has identified a certain latency-critical session as having intervalbetween the packets at T milliseconds (this interval can be derived, forexample, from “expected packet rate” associated with “app type”, and/orfrom “detected packet rate”), then it may measure the difference ΔTbetween expected packet time arrival (which can be calculated, forexample, as previous-packet-time-of-arrival, plus T, or based on PhasedLocked Loop/Delay Locked Loop), and then to gather some statistics of ΔTover “measurement interval”, which “measurement interval” may be, forexample, last N packets (or over last TT seconds). In some embodiments,such statistics may be, for example, the sum of absolute values of ΔTover the “measurement interval”, or the sum of squares of ΔT over the“measurement interval”. In some embodiments, instead of calculating ΔT,differences between times of packet arrivals (referred to as “T_(gap)”)may be measured, and variation of T_(gap) over the “measurementinterval” may be used as the statistics. These statistics (which, forease of reference, may be referred to “measured jitter”) may be used asone of the “potential issue detection” techniques. In some embodiments,if “measured jitter” goes above certain threshold, it may be used as atrigger for some of the “enforcement techniques”.

In some embodiments (for example, for certain “app types”), the packetmay contain information which is used to calculate latency to be shownon the game client. In one example, (a) packet A coming from the userdevice 110 to server 180, may contain ID of the packet; and (b) packet Bcoming from the server 180 to user device 110, may contain ID of thelast packet received by the server before packet B was sent. In suchcases, latency-oriented router 120 may calculate latency over the pathfrom latency-oriented router 120 to server 180 and back, and thislatency may be named as “almost-end-to-end-latency”. Suchalmost-end-to-end latency may be used for one or more of “potentialissue detection” techniques.

In some embodiments, a user-device-agent (not shown) running on the userdevice 110 may extract end-to-end latency for the application, asmeasured and/or shown by the application client running on the userdevice 110. Such extraction may be implemented, for example, by readingcertain location(s) in application client memory, and/or by interceptingcertain system and/or library calls (for example, by making a “wrapping”DLL or .so library to “wrap” a system call which draws a value on thescreen) and/or by reading the value from the screen and performingOptical Character Recognition (OCR). Such end-to-end latency may becommunicated by the user-device-agent to latency-oriented router 120(this communication may be implemented, for example, by sending specialpackets and/or by adding information to existing packets and/or by usingexisting communication devices and protocols, including, but not limitedto, TCP, HTTP, etc.). In some embodiments, such a communicatedend-to-end latency may be used by latency-oriented router 120 for one ormore of “potential issue detection” techniques.

In other embodiments, the latency-oriented router 120 may issue packets(for example, pings) itself, and may use statistics on ping replies(including, but not limited to, packet loss and round-trip time) to thepings as an indicator of congestion over incoming channel. In this case,round-trip time may be calculated as the time between the moment whenlatency-oriented router 120 has sent a “ping”-like packet, and when itreceives a reply to it.

In some embodiments, the other side of communication may monitor qualityof one or more of the incoming channels (using, for example, one of“potential issue detection” techniques), and to send a special“connection quality” packet to latency-oriented router 120 (or attachthis special “connection quality” as a separate field to any otherpacket directed to the latency-oriented router 120). This “connectionquality” packet may be sent, for example, at regular intervals and/or onsignificant changes in connection quality observed by the other side ofcommunication. This special “connection quality” packet and/or field maythen be analyzed by the latency-oriented router 120, and considered asone of “potential issue detection” techniques. In some embodiments, thelatency-oriented proxy 121 may issue other packets and/or fields (suchas “forward connection quality” or “overload”), which may be analyzed bythe latency-oriented router 120 and considered as one of “potentialissue detection” techniques.

In some embodiments in which a TCP protocol is used, detection of a“potential issue” may be implemented by the detection of the receipt ofduplicate TCP ACKs (which, for usual TCP implementations, may indicate apacket loss). In some embodiments, an ACK may be considered a duplicateif the value of the ACK field in the TCP header of the packet is thesame as it was for a previous packet. No other parts of the packet mayneed to be matched for an ACK to be considered a duplicate. In someembodiments, the detection of the receipt of more than one duplicate ACK(for example, two or three duplicate ACKs) may be required to beconsidered a “potential issue”. In some embodiments, there may be morethan one “potential issue” linked to the receipt of duplicate ACKs. Forexample, the receipt of one duplicate ACK may correspond to a first“potential issue”, and the receipt of two duplicate ACKs may correspondto a second “potential issue”. In such case, the second potential issuemay carry greater “weight” when determining appropriate enforcementtechniques.

In some embodiments, latency-oriented router 120 may add a special “tag”field to some or all of the packets. At the other side of thecommunication, this “tag” may be used to report “connection quality”. Insome of these embodiments, the latency-oriented router 120 may send aspecial “tag stats request” packet (or a field) requesting statisticsfor a specified “tag”, and the other side of the communication may replyto such request with, for example, a “tag stats reply” packet and/orfield. Such “tag stats reply” packet or field may include, for example,statistics about packet loss and/or “relative latencies” for the packetswith this “tag” coming over current latency-critical session).

In some embodiments, these “tag” fields may be used to allow thelatency-oriented router 120 to perform experiments, calculate theresulting packet loss and/or latencies, and make decisions based on theresults of this calculation. In one embodiment, latency-oriented router120 may try different sizes of “X-Fragments”, tagging different sizeswith different tags, and requesting statistics for different “tags” fromthe other side of the communication. In one embodiment, based on thisper-tag statistics, the latency-oriented router 120 may be able toselect a size of “X-Fragments” which is optimal at the moment. In oneexample, the latency-oriented router 120 may choose the size whichcauses the least packet loss. Alternatively, the latency-oriented router120 may choose the size which causes the smallest latency. Stillalternatively, the latency-oriented router 120 may choose the size thatminimizes a result of a weight function using packet loss, latenciesand/or overhead due to fragmenting as the weight function parameters.Still alternatively, any combinations of these techniques are alsopossible. In one embodiment, the latency-oriented router 120 may trydifferent numbers of copies sent over each interface (or any otherchoice which may affect the connectivity including, for example, tryingdifferent values for T_(reserve)) in a similar manner—trying differentvalues, “tagging” them with different “tags”, requesting statistics, andmaking a choice based on the statistics received.

In some embodiments, additional “potential issue detection” techniquesmay be implemented by other components, for example, by the deduplicator260.

In some embodiments, experiments to determine optimal latencyoptimization options may be performed by the latency-oriented router 120without using “tags”. In one example, latency-oriented router 120 mayexperiment with rate limits on DSCP modifications (for example, DSCPmodifications as described with respect to duplicator 250). In suchembodiments, latency-oriented router 120 may try to gather statistics ondifferent DSCP rates (observed with or without DSCP limits beingenforced) during extended periods of time (such as minutes or hours),and on quality of traffic (such as measured round-trip times and/orpacket loss) observed with these DSCP rates. Then, these statistics maybe used to enforce DSCP rate limits to ensure optimal quality oftraffic. In one non-limiting example, if statistics indicate that DSCPrates over 1 Mbit/s tend to cause sharp drop in deliverability and/orlatency of the DSCP-labeled packets, latency-oriented router 120 maydecide to start imposing a DSCP rate limit of 1 Mbit/s (or a somewhatsmaller number, such as 500 kBit/s).

In some embodiments, the “potential issue detection” techniques listedabove may be combined using rule-based logic. For example, potentialissue detection technique C may be defined as “true” if potential issuedetection technique A reports value >=X and potential issue detectiontechnique B reports value “true”. In another example, “potential issuedetection” techniques may be combined by weighting their respectiveoutputs with some pre-defined or configured-and-stored-in-storageweights which may be stored in storage 217.

In some embodiments, any or all of the “potential issue detection”techniques described above, maybe used separately for differentinterfaces 130, and/or over any combination of interfaces 130. Thisinformation, in turn, may be used to take “enforcement” actions overspecific interfaces 130, and/or over combinations of interfaces 130.

In some embodiments, when one or more of “potential issue detection”techniques indicate that their respective conditions are met, an“enforcement” action may be taken. For example, the “enforcement” actionmay be taken by outgoing traffic detector 270 or incoming trafficdetector 271. In some embodiments, when a “potential issue detection”technique detects a certain condition (such as “traffic limit isexceeded”), the outgoing traffic controller 270 may start using an“enforcement” action. For example, the “enforcement” action may includedropping some of the packets that belong to “other traffic”.

In some embodiments, dropping packets may lead to the sending side of“other traffic” connection (such as sending side of TCP connection)reducing the rate of sending, which potentially reduces congestion onthe routers and connections along the way (in particular, reducingcongestion over the “last mile”, which in turn may improve userexperience with regards to “latency-critical traffic”).

In some embodiments, the percentage of packets that are dropped may bepredetermined. In other embodiments, the percentage of packets that aredropped may be increased gradually while the corresponding “potentialissue” continues to be detected.

In some embodiments, the packets that would cause a certain limit to beexceeded may be dropped. For ease of reference, this technique may bereferred to as “limit-based enforcement action.” The limit may be thesame as, or different from, the limit(s) used for “potential issuedetection” techniques.

In some embodiments, the “app type” may include an associatedmaximum_percentage_of_the_packets_to_be_dropped field, which representthe maximum percentage of packets that may be dropped when implementingthe “limit-based enforcement action.” In other words, when available,the maximum_percentage_of_the_packets_to_be_dropped field would causethe limit-based enforcement action to drop only those packets thatexceed a certain limit and do not exceed the value of themaximum_percentage_of_the_packets_to_be_dropped field. This field mayhave any appropriate value (for example, but not limited to 5%, 10%, or20%). The value of the maximum_percentage_of_the_packets_to_be_droppedfield be provided by, for example, the configurator 240. In someembodiments, the maximum_percentage_of_the_packets_to_be_dropped valuemay be calculated and/or taken into account on a per connection basis(such as per TCP connection, per Quick UDP Internet Connection (“QUIC”),and/or per BitTorrent UDP Tracker connection). In some otherembodiments, the maximum_percentage_of_the_packets_to_be_dropped valuemay be calculated and/or taken into account on a per interface basis,per latency-oriented router basis, and/or on a per user-device basis.

In some embodiments, an “enforcement action” may include delaying ofsome or all of the packets belonging to “other traffic”. This in turnmay lead to the sending side of “other traffic” connection (such assending side of TCP connection) reducing the rate of sending, whichpotentially reduces congestion on the routers and connections along theway (in particular, reducing congestion over the “last mile”, which inturn may improve user experience with regards to “latency-criticaltraffic”). In some embodiments, the amount of time that packets aredelayed may be may predetermined. In other embodiments, the amount oftime that packets are delayed may be increased gradually while thecorresponding “potential issue” continues to be detected.

In some embodiments, all the packets belonging to “other traffic” may bedropped by outgoing traffic detector 270 and/or incoming trafficdetector 271 when one or more of “potential issue detection” techniquesindicate that their respective conditions are met. In some furtherembodiments, outgoing traffic detector 270 and/or incoming trafficdetector 271 may issue a “terminate session” packet back to sender inresponse to some or all of the incoming packets; for example, for a TCPconnection the “terminate session” packet may be a TCP RST packet.

In another embodiment, the outgoing traffic controller 270 may use adifferent “enforcement” action, such as attaching an Explicit CongestionNotifications (ECNs) to the packets it sends. This may be done, forexample, according to RFC3168 (the entirety of which is incorporatedherein by reference), by setting a CE indication within the packet. Insome embodiments, the outgoing traffic controller 270 as described inthe present disclosure may differ from classical AQM techniques (such asRED, CoDel, HTB, CBQ, HFSC, etc.) in that the latency-oriented routeraccording to the present disclosure may trigger packet drop or ECN notonly because one of the queues of the router is full (which may rarelybe the case for incoming traffic), but also because of otherconsiderations, such as the presence (and/or low perceived quality) ofthe latency-critical traffic. In an embodiment, when “potential issuedetection” technique ceases to indicate the condition, outgoing trafficcontroller 270 may stop using respective “enforcement” action.

In some embodiments, there is one or more outgoing queue(s) betweenoutgoing traffic controller 270, which may mean that the packet, afterbeing processed by outgoing traffic controller 270, may be delayed for acertain time before reaching the interface 204. In such embodiments,transfer of the packet itself over the interface 204 may also benon-instantaneous (for example, transferring a 1500-byte packet over 1Mbit/s connection may take 12 milliseconds, and 12 milliseconds mayqualify as a significant delay for latency-critical applications). Insome embodiments, to account for both these potential delays, theoutgoing traffic controller 270 may implement an “enforcement” techniquewhich, for ease of reference, may be referred to as “allocating timeslots.”

In some embodiments, the “allocating time slots” technique may useinformation about when the next latency-critical packet is expected(which may be provided, for example, by outgoing detector 220 and/orduplicator 250). When information is available that the nextlatency-critical packet is expected around time T_(next), outgoingtraffic connector 270 may stop sending “other traffic” packets to aninterface 204 at time T_(cutoff)=T_(next)−T_(reserve), where T_(reserve)may be some predefined time for the interface 204. This stop sending ofthe “other traffic” packets mechanism may be implemented, for example,as stopping processing of all the “other traffic” packets by outgoingtraffic controller 270, or as dropping the packets intended for theinterface 204, or as postponing packets intended for the interface 204(for example, by putting them in a separate queue until thelatency-critical packet comes through). In some embodiments, T_(reserve)may depend on the size of the packet (for example, requiring morereserve for larger packets). In such cases, T_(reserve) may bedetermined as the function T_(reserve)(packet_size_in_bits)=C+packet_size_in_bits*interface bitrate, where Cis a constant time, packet_size_in_bits is the size of the packet inbits (which may be, for example, calculated as size of the packet inoctets multiplied by 8), and interface bitrate is the interfacebandwidth (measured in bits/second).

In some embodiments, “stop sending” may include forced fragmentation(for example, traditional IP-level fragmentation, as described in RFC791and/or “X-Fragmentation”). For example, the packet may be fragmentedwhen the whole packet cannot be transmitted in T_(reserve)(packet_size_in_bits), but some meaningful part of the packet can be.The rest of such force-fragmented packet may be transmitted as anadditional IP fragment (and/or “X-Fragment”) after the sending of thepackets is resumed. In some embodiments, if a packet that is about to befragmented has a “Don't Fragment” flag and is above a certain thresholdin size (e.g., 576 bytes), the “allocating time slots” enforcementtechnique may decide to drop the packet and issue an ICMP “DestinationUnreachable/Datagram too big” packet back to packet originator. If thepacket has a “Don't Fragment” flag set but there is no size thresholdset, then “allocating time slots” enforcement technique may decide topostpone the packet until packet sending is resumed.

In some embodiments, sending of the packets may be resumed after theexpected latency-critical packet is processed, when the estimate of theT_(next) changes, and/or after a predefined timeout (in someembodiments, timeout t may be related to “detected packet rate” Rdand/or “expected packet rate” Re, for example, as t=1/Rd*alpha ort=1/Re*alpha, with alpha taking values from 0 to 1). In someembodiments, T_(reserve) may be chosen, taking into account typical ormaximum delays in queues and/or typical or maximum delays with regardsto sending packets over certain interface 204. In some embodiments,T_(reserve) may have different values for different interfaces 204.

In some embodiments, “enforcement” actions may be applied on aper-connection basis (such as per-TCP-connection, per-QUIC-connection,or per-BitTorrent UDP Tracker connection). For example, if the outgoingtraffic controller 270 detects that most of the outgoing traffic goesover a few TCP connections (these traffic intensive connections may, forease of reference, be referred to as “traffic hogs”), then outgoingtraffic controller 270 may drop only some or all packets from these“traffic hog” connections, and leave other connections from the “othertraffic” category free of “enforcement” actions for longer. In otherembodiments, outgoing traffic controller 270 may refrain from droppingtoo many packets in a row from the same connection, and try to spreadpacket drops more evenly across various “other traffic”. In someembodiments, “enforcement actions” may be applied in a manner similar towhat is described above, on per-traffic-type basis (for example,separating all the traffic into groups such as “HTTP traffic”, “QUICtraffic”, “BitTorrent traffic”, “Whatsapp traffic”, and so on).

In some embodiments, outgoing traffic controller 270 may use different“potential issue detection” techniques to cause different “enforcement”actions. In one example, there may be two different “potential issuedetection” techniques using different sets of rules. In an embodiment, apotential issue detection technique with lower set of limits may beassociated with an “enforcement” action of dropping packets, and anotherpotential issue detection technique with a higher set of limits, may beassociated with a different “enforcement” action, which issues ECNs. Insome embodiments, the outgoing traffic controller 270 may differentiatethe severity of traffic-suppressing “enforcement” actions depending onthe detected issues in latency-critical traffic. In one example,latency-oriented router 120 may have two “potential issue detection”techniques with different sets of thresholds, with one “potential issuedetection” technique associated with an “enforcement” action resultingin up to 20% packet drop in “other traffic” when the end-to-end latencygrows over a first threshold, and the other “potential issue detection”technique associated with an “enforcement” action causing an immediatestop to all the “other traffic” when the end-to-end latency grows over asecond threshold.

In some embodiments, after the outgoing traffic controller 270 is donewith processing the “other traffic” packet, it may send the (potentiallymodified) packet to one of interfaces 204. In some embodiments, outgoingtraffic controller 270 may select the interface 204 to which to send the“other traffic” packet based on one or more criteria, including but notlimited to: (a) where traffic within the same “other traffic” sessionwas sent (such as “TCP connection); (b) load statistics on interfaces204 (in some embodiments it may be “recent” statistics, such asstatistics over last NN seconds), and/or (c) any “potential issues”detected for any of the interfaces 204.

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the outgoing traffic controller 270 maymodify all or some of the copies of the packets by modifying theDifferential Services Field within the IP header (such as IPv4 header orIPv6 header) and, in particular, the DSCP portion of the field (forexample, as defined in RFC2474). In some embodiments, the DSCP field canbe modified to indicate that DSCP is equal to “DF” (also known as “CS0”with a binary value of 000000) or “CS1” (binary value 001000), asdefined, for example, in RFC4594 and/or RFC5865. This DSCP modificationmay be applied, for example, as an “enforcement” action, or in anotherexample, it may be applied regardless of any “enforcement” actions toall the packets belonging to “other traffic”.

In some embodiments, when sending one or more copies of the packet toone or more of interfaces 204, the outgoing traffic controller 270 mayuse EDCA and/or HCCA, using access class of AC_BK or AC_BE for thepackets belonging to “other traffic”. This technique may be ofparticular interest in embodiments such as those shown in FIG. 1F and/orFIG. 1G.

According to some embodiments, some packets may be received at interface204, pass through incoming detector 230, deduplicator 260 or incomingtraffic controller 271 and arrive at interface 202. In some embodiments,a packet coming from interface 204 may come to incoming detector 230,which detects whether the packet belongs to “latency-critical traffic”or to “other traffic”. This detection may be done using methods similarto the methods described for outgoing detector 220. In some embodiments,incoming detector 230 may perform traditional IP-level defragmentation.

In some embodiments, incoming detector 230 may use information aboutcurrent “latency-critical sessions” to, for example, detect whether thepacket belongs to “latency-critical traffic” or to “other traffic”. Inone example, the information about current “latency-critical sessions”may be maintained by outgoing detector 220. In another example, thisinformation may be used to facilitate detection of incominglatency-critical traffic. In one embodiment, if there is an incomingpacket with (source_IP, source_port), and there is a matchinglatency-critical session indicating that the communication peer hasexactly the same (source_IP, source_port) parameters (which may beindicated, for example, by latency-critical session having sessions'target_IP=packet's source_IP and session's target_port=packet'ssource_port), the packet may be classified as latency-critical and/orbelonging to that session without any additional analysis. In someembodiments, this information about the matching latency-criticalsession may be combined with other analysis methods described herein.

In some embodiments, information about latency-critical sessions fromoutgoing detector 220 may be combined with IP translation informationfrom duplicator 250 to identify the latency-critical session to whichthe packet belongs. For example, if within outgoing detector 220 thereis a latency-critical session Z having (target_IP, target_port)=(X0,Y0),and duplicator 250 reports that (target_IP, target_port) of (X0,Y0) ismodified to (X1,Y1) as a part of proxy translation described above, thenincoming detector 230 may associate incoming packets having (source_IP,source_port)=(X1,Y1) with latency-critical session Z. This logic mayrely on the latency-oriented proxy 121 using the same value for(target_IP, target_port) for the packets it sends as the value for the(source_IP, source_port) in the packets it receives. This technique is apart of the TCP standard, and is a common practice for UDP as well. Inanother example, if the packet has session_ID field (for example, addedby duplicator 250 of latency-oriented proxy 121), then this field may beused to match the incoming packet with the latency-critical sessionand/or to detect the packet as latency-critical traffic. In someembodiments, before passing such a packet to deduplicator 260, certainchecks may be performed to ensure that the data in the packet (such assource_IP/source_port) does match thesession-which-corresponds-to-session_ID. In some embodiments, thesechecks (which, for ease of reference, may be referred to as“packet-session validity checks”) may be performed in the manner similarto the session detection techniques described above, but may besignificantly faster because only one session (the one identified bysession_ID) may need to be analyzed.

In an embodiment, all the traffic coming over a certain port may beconsidered as latency-critical traffic. In such an embodiment, if allthe traffic from all the proxies goes over this port and only over thisport, and there is no non-proxied traffic, all the traffic coming overthe certain port may be considered as the latency-critical traffic.

In some embodiments, incoming detector 230 may provide information aboutincoming latency-critical packets to other parts of the system, such asto outgoing detector 220. This information may be used, for example, tofacilitate detection of the latency-critical sessions and/or presence oflatency-critical traffic as described above. Incoming detector 230 maydirect latency-critical packets to deduplicator 260, and/or direct“other traffic” packets to incoming traffic controller 271.

In one embodiment, deduplicator 260 may implement one or more of thefollowing functions: (a) packet deduplication; (b) “X-Defragmentation”;(c) one or more “potential issue detection” techniques; and/or (d)packet modification, including address/port translation and/or removalof certain fields added by the other side of the communication.

In some embodiments, deduplicator 260 may decompress the packet (and/ora part of the packet, including, but not limited to, packet body) usinga decompression algorithm that is a counterpart to the compressionalgorithm used to compress the packet (as described with respect toduplicator 250).

In some embodiments, deduplicator 260 may deduplicate incoming packetsby using the packet_ID identifier, which may be either added byduplicator 250 on the other side of communication, or may already bepresent in packets as an existing_packet_ID field described with respectto duplicator 250. In some embodiments, deduplicator 260 may store (forexample, in internal RAM) a last_packet_ID of the packets received via aparticular “latency-critical session” (which may be reported, forexample, by incoming detector 230). When a packet, associated with aparticular latency-critical session Z arrives to deduplicator 260 andhas a packet_ID that is greater than last_packet_ID-for-the-session-Z,deduplicator 260 may let it through, and modify the last_packet_IDparameter for the session Z. When a packet, associated with session Zarrives, and has a packet_ID that is smaller or equal to last_packet_IDfor session Z, deduplicator 260 may drop this packet.

In some embodiments, deduplicator 260 may also store information aboutadditional packets that have numbers below last_packet_ID but that havenot been received yet. Such embodiments may allow for out-of-orderpacket delivery while still ensuring that duplicates may be filteredout. For example, such information may be stored as a bit mask of arelatively small size (such as a few bytes) alongside the last_packet_IDparameter described above. In one non-limiting example, deduplicator 260may, in addition to last_packet_ID, store a bit mask with a meaning of“which packets earlier than last_packet_ID have not been received yet”.For example, if last_packet_ID=12345, and the bitmask has bits 00111000,it may mean that while last_packet_ID is 12345, there are still packetswith numbers 12342, 12341, and 12340 (corresponding to ‘1’s in the bitmask) that have not been received yet. In this embodiment, if a packetwith a “not-received yet” packet_ID arrives, deduplicator 260 may let itthrough, and reset the appropriate bit within the bit mask. If a “veryold” packet arrives (with a packet_ID which cannot be represented by thebit mask), the packet may be dropped. In some embodiments, instead of(or in addition to) a bit mask, a list of packet_IDs that have not yetbeen received (implemented as a list, array, etc.) may be used. In someembodiments, “very old” packet_IDs may be removed from the list, where“very old” packet_IDs is defined, for example, as those packet_IDs thatare less than last_packet_ID−a_threshold, (where a_threshold may have avalue, for example, in the range from 1 to 100). In other embodiments,if new packet_ID doesn't fit into the list/array because of sizelimitations, the oldest packet_ID may be removed from the list/array.

In some embodiments, deduplication may be implemented by storingrecently arrived packets, comparing such packets to other packets andremoving duplicates. In such embodiments, a packet_ID field may beunnecessary, and deduplicator 260 may store packets for some time afterreceiving them. Any newly arrived packet (or such packet's payload) maybe compared with the stored packets to determine whether such new packet(or its payload) is the same as any of the packets previously stored bydeduplicator 260. If a newly arrived packet is a match with any of thestored packets, such arriving packet may be discarded as a duplicate. Ifthere is no such match, deduplicator 260 may let the newly arrivedpacket through and/or may store it. In some embodiments, instead ofstoring whole packets, checksums and/or hashes (including, but notlimited to, any CRC checksum, any Fletcher checksum and/or any cryptohash such as SHA-256, SHA-3 or BLAKE) of a whole packet or any partthereof may be stored. In such case, upon the arrival of a new packet,the packet's checksum and/or hash may be calculated, and then comparedwith the checksums and/or hashes of the stored packets to determinewhether such new packet is the same as any of the packets previouslystored by deduplicator 260. In some embodiments, stored and/or comparedchecksums and/or hashes may be accompanied by packet size.

In some embodiments, deduplicator 260 may perform “X-Defragmentation”.“X-Defragmentation” may be a process of defragmenting packets fragmentedby “X-Fragmentation” on the sending side. In some embodiments,“X-Defragmentation” may be performed as follows. When an “X-Fragmented”packet arrives, deduplicator 260 may check if there is enoughinformation to produce the whole defragmented packet (i.e., that all thefragments of the defragmented packet have already arrived). In someembodiments, “whether there is enough information” may be derived from(fragment_number, total_number_of_fragments) fields which may becontained in each of the “X-Fragments”. If there is not enoughinformation, fragments (other than duplicates) may be saved (forexample, in internal RAM) for future use. Alternatively, if there isenough information, deduplicator 260 may produce a defragmented packetand send it to the interface 204, which may also remove all the storedfragments forming this packet to save space. In some embodiments,deduplicator 260 may remove fragments from the packets which are “tooold” to have any chance to arrive and to be reassembled. For example,“too old” may be interpreted as “having any fragment which is older thanall the bits in the current bit mask”.

In some embodiments, deduplicator 260 may implement some of the“potential issue detection” techniques as described above to facilitate“enforcement” actions by traffic controllers 270 and/or 271. In someembodiments, “potential issue detection” techniques may includemeasuring and/or estimating current quality of the latency-criticaltraffic. For example, if a sequentially-increasing packet_ID is added topackets by duplicator 250 or is contained within packets and can beobtained out of them, such “potential issue detection” techniques mayuse this sequentially-increasing packet_ID within deduplicator 260 tocalculate a number of packets lost in transit between latency-orientedproxy 121 and latency-oriented router 120. In some embodiments,deduplicator 260 may use a significant increase in number of lostpackets (which can be formalized, for example, as “rate of growth of the(potentially averaged over certain time) packet loss rate”) as a“potential issue detection” technique.

In some embodiments, if the packet rate of a specific game is well-known(and provided, for example, as “expected packet rate” associated withthe “app type” which may be detected by incoming detector 230), thepacket loss rate may be calculated by comparing the rate of receivedpackets with the expected packet rate.

In some embodiments, some of the “potential issue detection” techniques”by deduplicator 260 may be implemented as follows. In such embodiments,packets may be modified by the sender (such as duplicator 250) to addthe sender's timestamp. In this embodiment, on the receiving side, thesetimestamps may be used, to calculate “perceived one-way latency” d_(t),which is the difference between the sender's timestamp within the packetand receiver's current time at the moment of receiving the packet. Dueto potential desynchronization between sender's and receiver's clocks,“perceived one-way latency” d_(t) may not necessarily be an indicationof real-world delay; however, changes in d_(t) may still reflect changesin real-world delays. Statistics developed based on observation of d_(t)may be used to establish a “usual delay” for each of the interfaces 204(for example, by averaging it over significant time, such as 1-100seconds). In some embodiment, if d_(t) suddenly starts to exceed this“usual delay”, it may indicate congestion over the correspondinginterface 204. In some embodiments, some or all of the “potential issuedetection” techniques which use “perceived one-way latency”, may be usedwithin latency-oriented router 120.

In some embodiments, techniques based on measured round-trip times maybe combined with techniques based on “perceived one-way latency”. In oneexample, latency-oriented router 120 may calculate “measured round-triptime” for communication with a latency-oriented proxy 121, and may alsocalculate “perceived one-way latency” for the packets coming from thesame latency-oriented proxy 121. In such embodiments, iflatency-oriented router 120 observes an increase in the “measuredround-trip time”, and there is a similar increase in “perceived one-waylatency”, it may indicate congestion in the incoming channel of thelatency-oriented router 120. In some embodiments, in response to suchscenarios, latency-oriented router 120 may take “enforcement actions”which aim to reduce traffic over incoming channel (such as “suppression”techniques related to dropping packets and/or issuing ECNs for incomingTCP connections). In other embodiments, if latency-oriented router 120observes an increase in the “measured round-trip time”, withoutsignificant increase in “perceived one-way latency” of the packetscoming from latency-oriented proxy 121, it may indicate congestion overthe outgoing channel of the latency-oriented router 120. In someembodiments, in response to such scenarios, latency-oriented router 120may take “enforcement actions” which aim to reduce traffic over outgoingchannel (such as “suppression” techniques related to dropping packetsand/or issuing ECNs for outgoing TCP connections).

In another alternative implementation of the “potential issue detection”techniques, information about current end-to-end latency may be presentwithin the packets as they're sent from server 180 (such packets arecommon, for example, in games, to enable reporting of current latencywithin the game client). In such cases (and/or for such “app types”),end-to-end latency may be parsed from the packets and may be used as oneof the “potential issue detection” techniques (for example, afterexceeding certain pre-defined or pre-configured threshold).

In some embodiments, deduplicator 260 may use some of the “potentialissue detection” techniques to form a “connection quality” packet andsend it to the other side of communication (such as device containingduplicator 250) For example, if one of the “potential issue detection”techniques starts to detect that packet loss rate exceeds a predefinedor predetermined threshold (which may be, for example, system-wide, ormay depend on “app type”), then the “connection quality” packet may besent to the other side of communication to notify it about the problems.In some embodiments, the “connection quality” packet may be sent even ifthere is no incoming packet (for example, on a timeout).

In some embodiments, deduplicator 260 may also recognize “tag” fieldswithin the packets, and may gather statistics (such as packet lossand/or “relative latencies”) on a per-tag basis. In other embodiments,deduplicator 260 may additionally reply to “tag stats request” requests,sending back a “request tag reply”, based on the per-tag statistics.“Relative latencies” may be implemented, for example, as averages of“perceived one-way latency” d_(t) value discussed above, for a specifictag. Subsequently, the other side of the communication may compare these“relative latencies” for two different tags, and use it for latencycomparison purposes.

In some embodiments, deduplicator 260 may modify incoming packets tomodify the target address and/or port, which may be referred to as“reverse NAT-like translation”. Such “reverse NAT-like translation” mayserve as a counterpart to “NAT-like translation”, and the deduplicator260 may need to perform “reverse” translation of (target_IP,target_port) so that the packet can reach the user device 110. This maybe done, for example, by replacing packet's (target_IP, target_port)with (source_IP, source_port) from “NAT-like translation data”associated with current latency-critical session (as described withregards to duplicator 250), or by using any of the NAT techniquesdescribed in RFC2663, RFC3022, RFC4787 and/or RFC5382.

In some embodiments, deduplicator 260 may modify incoming packets tomodify the source address and/or port which, for ease of reference, maybe referred to as “reverse proxy translation”. Reverse proxy translationmay be performed by finding a record within “proxy translation data”(described with respect to duplicator 250) that matches certaininformation from the incoming packet (such as source_IP/port fields fromthe packet and/or session_ID of the associated latency-criticalsession). In an embodiment, when performing such matching, thesource_IP/port from the packet may need to be matched to thetarget_IP/port within “proxy translation data”. After matching isperformed, the target_IP/port fields may be extracted from the matchingrecord within the “proxy translation data” and written to thesource_IP/port fields of the packet.

In some embodiments, “reverse proxy translation” may be performedinstead of, or in addition to, “reverse NAT-like translation” describedabove.

In some embodiments, deduplicator 260 may modify the packet to removecertain fields added by the other side of communication (usually byduplicator 250 residing on the other side of the communication). Thesefields to be removed may include packet_ID and/or session_ID (in thecase for deduplicator 262, the proxy_target field may also be removed).

In some embodiments, the “reverse NAT-like translation” on the incomingtraffic may be performed by the incoming traffic controller 271.

In some embodiments, deduplicator 260 and/or incoming detector 230 mayprovide information about the time when the next latency-critical packetis expected (T_(next)). This functionality may be implemented usingtechniques similar to those described for implementing T_(next) withrespect to duplicator 250 and/or outgoing detector 220.

In some embodiments, deduplicator 260 may additionally implement some orall of the functionality which is described with respect to deduplicator262. In particular, it may implement “NAT-like translation” and/or“reverse proxy translation”. Such implementation may be used, forexample, for the router-to-router communication as shown in FIG. 1I.

In some embodiments, incoming traffic controller 271 may implement the“suppression” of “other traffic” techniques as described with respect tooutgoing traffic controller 270, which may include either “potentialissue detection” techniques, or “enforcement” techniques, or both.

In some embodiments, the same “potential issue detection” techniques maycause different “enforcement” actions within outgoing traffic controller270 and incoming traffic controller 271. In one non-limiting example, anincreased packet loss over incoming channel (as detected by deduplicator260) may be taken into account only by incoming traffic controller 271,and increased packet loss over the outgoing channel (as detected by theother side of the communication and reported back to deduplicator 260)may lead to more severe “enforcement” action by outgoing trafficcontroller 270, and to a less severe “enforcement” action by incomingtraffic controller 271.

In some embodiments, for the purposes of implementing “allocating timeslots” enforcement technique, the incoming traffic controller 271 mayuse information about the time when the next latency-critical packet isexpected (T_(next)) provided by the incoming detector 230 and/ordeduplicator 260.

In some embodiments, latency-oriented router 120 may use some or all ofthe “potential issue detection” techniques to make a decision thateither a latency-oriented proxy currently in use, and/or the Internetroute from latency-oriented router to the proxy, and/or the Internetroute from the proxy to the server, is experiencing problems and/ordelays. For example, if the packet loss coming from or to thelatency-oriented proxy (the latter may be reported, for example, as a“connection quality” packet, or as a “tag stats reply”) grows higherthan a certain threshold, or the connection from the proxy to the serverbecomes problematic (which may be reported, for example, as a “forwardconnection quality” packet), or if the proxy becomes overloaded (whichmay be reported, for example, as “overload” packet), thelatency-oriented router 120 may decide to switch to a different proxy,or to connect directly to the server 180 without any proxying. If theserver 180 does not support changing IP on the fly without making are-connect to a different server such as matchmaking server, thegame/VoIP app may need to be disconnected first with a new connectionreestablished. This can be implemented, for example, by asking theplayer to reconnect manually, or by sending an RST packet to the TCPconnection that the game app may have to send to the matchmaking server,or by sending a message to a special application installed and runningon the user device 110 that can simulate the disconnect of the physicalinterface with a subsequent reconnect.

In some embodiments, the latency-oriented router 120 may try to know inadvance a “reserve” proxy to use. This may be done even when there areno reported “potential issues” with the current proxy, aiming to reduceswitch time when such a “potential issue” is reported. In suchembodiments, the latency-oriented router 120 may use one of thetechniques for picking a proxy as described with respect to duplicator250 on an ongoing basis to determine such a “reserve” proxy. If adecision to switch from the current proxy is made, such a “reserve”proxy may be used as a target for the proxy switch.

FIG. 2B shows an implementation of the latency-oriented proxy 121,according to an embodiment of the present disclosure. As illustrated inFIG. 2B, the latency-oriented proxy 121 may include interface 202, core211, interface 204 and optionally storage 217. According to anembodiment, core 211 may further include configurator 240, sessionselector 286, duplicator 252, authenticator 282, session tracker 284,and deduplicator 262. Optionally, core 211 may also include HTTP server206.

In some embodiments, the same techniques as described forlatency-oriented router 120 (including, but not limited to, implementingas a standalone device and/or a separate computer running appropriatesoftware), may be used to implement latency-oriented proxy 121.Alternatively, latency-oriented proxy 121 may be implemented as one ormore software modules running on the server 180. In this case, interface204 of latency-oriented proxy 121 may be implemented, for example, asone of Inter-Process Communications (IPC) and/or network communicationmethods including, but not limited to, sockets (including both TCP/UDPsocket and Unix sockets), shared memory, message queues, pipes (bothanonymous and named ones), memory-mapped files, or any other existing orfuture developed communication systems and/or protocols with similarfunctionalities.

In some embodiments, incoming packets originating from the Internet 144may come via one or more of the interfaces 204. They may optionally beauthenticated in authenticator 282, and then sent to the session tracker284.

In one embodiment, authenticator 282 may perform authentication of thepackets coming from the interface 204. For example, authenticator 282may perform “null authentication”, considering all the packets valid. Inanother embodiment, incoming packets may include (client_ID, auth_token)tuple, and authenticator 282 may contain a database of valid (client_ID,auth_token) tuples, validating incoming packets against this database.In one example, the database may be stored in-memory as a hash table. Inyet another embodiment, incoming packets may be authenticated with MAC(or encrypted-and-signed-with AEAD) and include (client_ID, MAC) tuple,and authenticator 282 may contain a database of (client_ID,secret_client_key) tuples, validating MAC of incoming packets using thekey from this database. In one example, the database may be storedin-memory as a hash table. In yet another embodiment, incoming packetsmay be signed with a private key PR and include (client_ID, signature)tuple, and authenticator 282 may contain a database of (client_ID,public key corresponding to PR) tuples, validating the signature underincoming packets using the key from this database. Likewise, thedatabase may be stored in-memory as a hash table.

In some embodiments, authenticator 282 may perform decryption of thepacket (and/or a part of the packet, including, but not limited to, thepacket body), using the secret key and/or the public key of the sender.In some embodiments, a decryption algorithm which is a counterpart tothe encryption algorithm which was used to encrypt the packet (asdescribed with respect to duplicator 250), may be used for decryption.

In some embodiments, when session_ID is used, the sender may skipsending the client_ID once it receives an acknowledgement that the otherside of the communication has the client_ID for the current session_ID.This can be implemented in a manner similar to the manner in which theproxy_target_IP and proxy_target_port may be skipped afteracknowledgement. In some embodiments, the same acknowledgement may beused for all of the proxy_target_IP, proxy_target_port, and client_IDfields. Even if client_ID is skipped, MAC and signature fields may stillbe transmitted. In such embodiments, after receiving the packet with theclient_ID, authenticator 282 may store the client_ID as an associateddata for the latency-critical session in which the packet belongs, andstart acknowledging the receipt of this field for the session (forexample, as a special field added to all or some of the packets sent tothe other side of communication). This acknowledgement may be stopped,for example, on receiving of the first packet from this session withouta client_ID field.

Session tracker 284 may perform some (or all) of the functions performedby outgoing detector 220. In particular, Session tracker 284 may providedetection and/or creation/destruction and/or reporting of“latency-critical sessions” to which the packet belongs.

In some embodiments, detection of the “latency-critical session” towhich the packet belongs in session tracker 284 can be implementedeither in one of the ways described for such detection with respect tooutgoing detector 220, or using session_ID (if it is available in thepacket). In the latter case, in some embodiments, before passing such apacket to deduplicator 262, certain checks may be performed to ensurethat the data in the packet (such as source_IP/source_port) matches thesession-which-corresponds-to-session_ID. These checks may be performed,for example, in a manner similar to the “packet-session validity checks”described with respect to incoming detector 230.

In some embodiments, after processing by session tracker 284, packetsmay be sent to deduplicator 262. Deduplicator 262 may be implemented ina manner similar to deduplicator 260 discussed with respect tolatency-oriented router 120 with some differences. As one difference,instead of “reverse NAT-like translation”, deduplicator 262 mayimplement “NAT-like translation” as described with respect to duplicator250. This may include storing “NAT-like translation data”, which may beassociated with the corresponding “latency-critical session”, tofacilitate “reverse NAT-like translation” within duplicator 252. In someembodiments, for example, when there are two different interfaces usedon the other side of the communication, “NAT-like translation data” fordeduplicator 262 may include more than one (source_IP, source_port) pairassociated with the latency-critical session. In some embodiments, these(source_IP, source_port) pair(s) may be used to create “virtualinterface(s)” which may be associated with the latency-critical session.

In some embodiments, instead of or in addition to “NAT-liketranslation”, deduplicator 262 may perform “NAT-like translation 2”. Toperform “NAT-like translation 2”, deduplicator 262 may take the “VPORT”field from the packet, and use its value to populate the “Source Port”field of the packet. In addition, as a part of “NAT-like translation 2”,deduplicator 262 may remove the “VPORT” field from the packet. Thistechnique may be of interest for use in environments such as thosedepicted in FIG. 1I.

As another difference between deduplicator 262 and deduplicator 260,instead of “reverse proxy translation”, deduplicator 262 may implement“proxy translation 2”. In some embodiments, “proxy translation 2” may beimplemented as (1) parsing a packet to extract the proxy_target_IPand/or the proxy_target_port field, and the body of the original packet(e.g., the one that was wrapped by duplicator 250); (2) replacing thetarget IP address of the original packet with the value of theproxy_target_IP field and/or replacing the target port of the packetwith the value of the proxy_target_port field; (3) optionally, storingthe proxy_target_IP as an associated data for the latency-criticalsession to which the packet belongs, and/or start acknowledging thereceipt of these fields for the session. This acknowledgement may bestopped, for example, when the first packet from this session that doesnot include the proxy_target_IP/proxy_target_port fields.

In some embodiments, deduplicator 262 may recognize “preferred routerequests” and may reply to such requests. In some embodiments, the replymay be based on a predefined table of “preferred routes” for some of theAutonomous System Numbers (“ASN”). In such embodiments, deduplicator 262may, for example, first find the ASN (for example, based on the “sourceIP” field of the packet, via lookup in a netmask-to-ASN table) and thenlook up the ASN-to-preferred-routes table to find a “preferred route” tobe returned as a reply to the “preferred route request”.

Packets coming from the server 180 may reach one of interfaces 202 andmay be passed to session selector 286. In some embodiment, sessionselector 286 may perform some (or all) of the functions performed byincoming detector 230. In particular, session selector 286 may identifythe latency-critical session to which the packet belongs. Sessionselector 286 may perform this identification in a manner similar to thatdescribed with respect to incoming detector 230.

In some embodiments, after processing by session selector 286, thepackets may be sent to duplicator 252. Duplicator 252 may be implementedin a manner similar to duplicator 250 discussed with respect tolatency-oriented router 120, with some differences. As one difference,instead of “NAT-like translation”, duplicator 252 may implement “reverseNAT-like translation” as described with respect to deduplicator 260.This “reverse NAT-like translation” may use “NAT-like translation data”(which may contain one or more (source_IP, source_port) pair(s))associated with the corresponding “latency-critical session”, which werecreated as described with regards to deduplicator 262. In someembodiments, duplicator 252 may use “virtual interfaces” which werecreated as described with regards to deduplicator 262, to send copies ofthe packets. As another difference of duplicator 252 from duplicator250, instead of “proxy translation”, duplicator 252 may implement“reverse proxy translation”, as described with respect to deduplicator260.

Latency-oriented proxy 121 may perform one or more of “potential issuedetection” techniques as described with respect to latency-orientedrouter 120. In addition, it may optionally implement one or more of thefollowing “potential issue detection” techniques. In some embodiments,latency-oriented proxy 121 may monitor packet loss and/or latency withsome or all of the target servers 180. If packet loss and/or latency isexceeded, latency-oriented proxy 121 may send a special “forwardconnection quality” packet (and/or add a special “forward connectionquality” field to an existing packet) to some or all of the user deviceswith which the specific server 180 currently has latency-criticalsessions. In other embodiments, latency-oriented proxy 121 may monitoruse of resources (such as CPU load) and/or internal processing latencies(such as “time from the moment when the packet was received until thecopy was sent”), and, if a pre-defined or pre-configured threshold isexceeded, send a special “overload” packet (and/or add a special“overload” field to an existing packet) to some or all of the userdevices with which the specific server 180 currently haslatency-critical sessions.

In some embodiments, latency-oriented proxy 121 may implement ratelimits (such as packets-per-second or bytes-per-second) on a per-clientor a per-session basis. In some embodiments, latency-oriented proxy 121may limit outgoing connections to a well-known list of IP addresses.These limitations may be used to reduce potential for misuses and/orattacks on the latency-oriented proxy itself and/or servers 180 and/orInternet infrastructure.

In some embodiments, latency-oriented proxy 121 may implement a“proxy-to-server” protocol to communicate with server 180. In suchembodiments, packets sent over this “proxy-to-server” protocol mayinclude a field (which, for ease of reference, may be named as“real_IP”) to indicate the “real” source IP address (for example, the IPaddress of the latency-oriented router 120 that was received by thelatency-oriented proxy 121 in the source IP address field). In someembodiments, the latency-oriented proxy 121 may add a real_IP field (forexample, using “wrapping” of the whole packet or of the packet body) toeach of the packets sent to the server 180. In some embodiments, server180 may take note of this field (which indicates the real IP address ofthe user device without the proxy) and use it as if it is a source IP ofthe packet for purposes such as identification and/or fraud/cheatingprevention. In other embodiments, server 180 may remove this fieldbefore further processing of the packet. In other embodiments, server180 may modify packets coming from proxies by moving the data in thereal_IP field into the packet's source_IP field and removing the real_IPfield completely before further processing. In some embodiments, theprocessing mechanism on the side of server 180 may allow for seamlessprocessing of both proxied and non-proxied packets.

In some embodiments, connections from intermediate proxies 122 tolatency-oriented proxy 121 and/or to other intermediate proxies 122,and/or from simple proxies 124 to latency-oriented proxy 121 and/or toother simple proxies 124 may also use the “proxy-to-server” protocol. Insome embodiments, intermediate proxy 122, simple proxy 124 and/orlatency-oriented proxy 121 may copy the data in the real_IP field in theincoming packet into the real_IP field of the outgoing packet. In someembodiments (instead of, or in addition to, real_IP field), intermediateproxy 122, simple proxy 124, latency-oriented proxy 121, and/or server180 may use “proxy-to-server” protocol with a “source_IP_list” field,consisting of IP addresses. In some embodiments, all or some of thelisted proxies may add a source_IP field of the incoming packet to thelist when proxying. Server 180 may use this information for differentpurposes, including but not limited to authentication, identification,fraud/cheating prevention, and/or detection of compromised proxies.

In some embodiments, the receiving side of the proxy-to-server protocol(e.g., the server 180 or the latency-oriented proxy 121), mayauthenticate the packets before using the real_IP field (and/or“source_IP_list” field) from the packet. In some embodiments, suchauthentication may be performed by comparing the source_IP field of thepacket to a list of proxies with “trusted” IP addresses. In some otherembodiments, the sending side of the proxy-to-server protocol mayprovide an “authentication tag” with the packets (for example, as anadditional field within the packet), and the receiving side of theproxy-to-server protocol may use it for authentication purposes. In someembodiments, this “authentication tag” may be a password, PIN, orsimilar string. In other embodiments, this “authentication tag” may be acrypto tag, such as MAC tag (e.g., HMAC, OMAC, or Poly1305), or AEAD tag(e.g., Encrypt-then-MAC, MAC-then-Encrypt, Encrypt-and-MAC, EAX, CCM,OCB, Chacha20-Poly1305, or various forms of GCM including, but notlimited to, AES-GCM), or a signature with a private key. If crypto tagsare used, pre-shared key and/or public/private key pairs may be presentwithin the devices.

In some embodiments, each proxy may add its own “authentication tag” tothe packet. For example, server 180 may validate each of the“authentication tags” separately (for example, by using secret and/orpublic keys that correspond to the IP addresses within the“source_IP_list” field).

In some embodiments, even if an “authentication tag” is not provided,the sides of the proxy-to-server communication may still use encryptionand/or decryption of the data sent/received (and/or of the portions ofsuch data). For example, secret keys and/or public/private key pairs(the same as mentioned above or separate from those mentioned above) maybe used for this purpose.

In some embodiments, any of the sides implementing proxy-to-serverprotocol (this may include any of the latency-oriented proxies 121,intermediate proxies 122, simple proxies 124, and/or server 180) maycombine several incoming packets (including packets belonging todifferent latency-critical sessions) into one single packet usingsub-packet sizes and/or sub-packet boundaries to allow restoring thepackets on receiving side (which for ease of reference may be referredto as “packet consolidation”). In some embodiments, the receiving sideof the proxy-to-server protocol may separate such consolidated packets(for example, using sub-packet sizes or sub-packet boundaries) intosub-packets before further transmitting them. Such “packetconsolidation” may help to reduce the traffic (in particular, due tosavings on header sizes of consolidated packets). In some embodiments,on the sending side the packets may be combined until one of twoconditions is met: (a) total size of the consolidated packet exceedssome pre-defined size (for example, this pre-defined size can be 1500bytes, 9000 bytes, the MTU of the outgoing interface on the sendingside, or the “Path MTU” discovered using one of PMTUD methods(including, but not limited to, those described in RFC1191, RFC1981, orRFC4821)), or (b) a predetermined amount of time has elapsed since thefirst packet for current consolidated packet was received (which, forease of reference, may be referred to as “timeout”). Examples of suchtimeouts include 10 mks, 100 mks, 1 ms, 10 ms, and 100 ms. In someembodiments, the timeout may depend on the “app types” involved. In someembodiments, each sub-packet added to the consolidated packet may causeits own timeout limit, and the minimum of these timeout limits may beused for the purposes of ending “packet consolidation”.

In some embodiments, the proxy-to-server protocol may work over TCP, andthis proxy-to-server protocol over TCP may be used to transfer any kindof data between the two sides of the communication (including, but notlimited to, data from UDP and/or ICMP packets). For example, UDP packetsand/or ICMP packets may be wrapped into (packet_size, packet_data)tuples, with the tuples sent over the TCP.

In some of the embodiments where the proxy-to-server protocol is used,the sending and receiving sides may implement X-multicast packets, andX-multicast may be different from traditional IP multicast. In someembodiments, X-multicast may not rely on routing of multi-cast IPpackets (which usually does not work over the public Internet). Forexample, if server 180 needs to send the same update packet to severalclients (which is a common occurrence at least for some game servers),it may send a special packet indicating (a) the need for X-multicast,(b) list of the computers to receive the packet (this list may, forexample, specify IPs or session_IDs, or anything else to that effect),and (c) the body to be sent to all these addresses. In some embodiments,X-multicast may be combined with “packet consolidation” and/or“proxy-to-server over TCP” techniques.

In some embodiments where the proxy-to-server protocol is used, one ormore of the latency-oriented proxies 121, intermediate proxies 122,simple proxies 124 may implement a “game state”. In such embodiments,one of the proxies may maintain the “game state”. This “game state” maybe updated by special packets sent over the proxy-to-server protocol(from server 180 or from an “upstream” proxy). In turn, other proxies(“downstream proxies”) and/or latency-critical routers 120 may requestand obtain the current “game state” (or a part of it), and/or may“subscribe” to the updates to the “game state”. In some embodiments, onreceiving an update to the “game state” from an “upstream” server orproxy, each proxy may calculate and send zero or more updates to the“game states” of its subscribers (proxies) and/or to zero or moreupdates to connected user devices.

In some embodiments, “game state” on the server(s) 180 may beimplemented as follows. The server itself may maintain a “game state”.When the server receives request for a “game state” from a “downstream”requestor, the server may: (a) send a copy of its own “game state” tothe “downstream” requestor, and (b) add the downstream requestor to alist of downstream subscribers. In such embodiments, updates to the“game state”, may be sent to downstream subscribers in the list ofdownstream subscribers.

In some embodiments, “game state” on the proxies may be implemented asfollows. The proxy itself may “subscribe” to the “upstream” source(which may be another proxy or server 180), and may obtain a copy of the“game state” (for example, acting as a “downstream” requester asdescribed above). When a “downstream” request for a “game state” comesin to the proxy, the proxy may: (a) send a copy of its own “game state”to the “downstream” requestor, and (b) add the downstream requestor to alist of downstream subscribers. In such embodiments, updates coming fromthe “upstream” source to the proxy may (i) be used to update the “gamestate” of the proxy, and (ii) be sent to downstream subscribers in thelist of downstream subscribers.

In some embodiments, when implementing “game state”, game server(s)and/or proxies may filter the “game state” and/or updates. In someembodiments, this filtering may be implemented to reduce potential forcheating (such as “wallhacks” or “maphacks”), and in some embodiments,it may be implemented to reduce “downstream” traffic. In someembodiments, such filtering may be implemented, for example, using“interest management” techniques (as described, for example, in“Comparing Interest Management Algorithms for Massively MultiplayerGames,” by Jean-Sebastien Boulanger et al., Netgames '06 Proceedings of5^(th) ACM SIGCOMM Workshop on Network and System Support for Games,Article No. 6 (2006), the entirety of which is incorporated herein byreference. In some other embodiments, filtering may be performed on thebasis of which information is allowed to be accessible to which ofsubscribers.

In the embodiments which use a “subscription” mechanism, compressionmethods (both traditional and game-specific), for example as describedabove, may be used to compress the data. Game-specific compressionmethods may include game-specific incremental techniques such as deadreckoning, interest management, and/or delta compression. In someembodiments, separate and potentially different methods of compressionmay be used to compress “upstream” updates received by the proxy, and tocompress “downstream” updates issued by the proxy and/or server 180.

In some embodiments, one or more of the latency-oriented proxies 121,intermediate proxies 122, and/or simple proxies 124 may maintain morethan one “game state”. In some embodiments, “game states” may be createdand/or destroyed by either commands coming from “upstream” (via theproxy-to-server protocol), and/or by “subscription requests” coming from“downstream”. In the latter case, on receiving such a “subscriptionrequest”, the proxy may go to the “upstream” server or proxy to requestappropriate “game state” and/or to “subscribe” to updates to the “gamestate”. In some embodiments, if all the “subscribers” on the specificproxy are unsubscribed from a certain “game state” (or if “upstream”indicates that the “game state” is no longer available), this “gamestate” may be removed (and/or the proxy may “unsubscribe” from it).

In some embodiments, the same proxy may have more than one “upstream”source, each “upstream” source corresponding to a different “gamestate”. In some embodiments, the “game state” may also be implemented onsome of the latency-oriented routers 120. In some of these embodiments,a protocol functionally similar to the proxy-to-server protocol may beused for communications between the latency-oriented router 120 and the“nearest” proxy.

In some of the embodiments in which the proxy-to-server protocol isused, the sending and receiving sides may implement compression. Anycompression algorithm may be used including, but not limited to, LZ77,Huffman coding, deflate, bzip2, LZHL, and any combination of these orany other compression algorithms currently known or developed in thefuture. In some embodiments, compression techniques can be combined with“packet consolidation”, “proxy-to-server over TCP” techniques, and/orX-multicast techniques. In particular, in some embodiments “X-multicast”packets may use the identifier of “subscription” instead of (or inaddition to) the list of the computers to receive the packet.

FIG. 2C is a block diagram illustrating an exemplary implementation ofan intermediate proxy 122, according to an embodiment of the presentdisclosure. In the embodiment shown in FIG. 2C, intermediate proxy 122may include core 212, interfaces 202 and 204, and storage 217. Core 212may further include authenticator 282, session tracker 284, deduplicator262, duplicator 250, session selector 286, deduplicator 260, duplicator252, and (optionally) HTTP server 206 and/or configurator 240.

In some embodiments, the same techniques as described forlatency-oriented proxy 121 (including but not limited to, implementingas a standalone device and/or a separate computer running appropriatesoftware) may be used to implement intermediate proxy 122. In oneembodiment, packets coming from the “left side” (which may correspond toconnections 132 in FIG. 1D), may be received by one of interfaces 202(only one interface is shown), and then be processed by authenticator282, session tracker 284, deduplicator 262, and duplicator 250, reachingone of interfaces 204 on the “right side” (which may correspond to oneof connections 192 in FIG. 1D). In another embodiment, packets comingfrom the “right side”, may be received by one of the interfaces 204(only one interface is shown), and then processed by session selector286, deduplicator 260, and duplicator 252, reaching one of interfaces202 on the “left side”. As it was described with respect to FIG. 2Aand/or FIG. 2B, in some embodiments, some or all of the interfaces 202and/or 204 may be “virtual interfaces”. In some embodiments, all theinterfaces 202 and 204 may be “virtual interfaces” built on top of asingle “physical interface”.

In some embodiments, intermediate proxy 122 may use data from some ofthe fields from incoming packets (such as packet_ID, real_IP, VPORT) topopulate respective field(s) in outgoing packets.

In one embodiments (not shown), the intermediate proxy 122 may beimplemented as a combination of a latency-oriented router 120 and alatency-oriented proxy 121, with an interface 204 of thelatency-oriented router 120 directly connected to an interface 202 oflatency-oriented proxy 121.

FIG. 2D is a block diagram illustrating an exemplary implementation of aproxy router 123, according to an embodiment of the present disclosure.In some embodiments, proxy router 123 may have many of the samecomponents of the latency-oriented router 120 operating in the same orsimilar manner as they operate in the latency-oriented router 120. Assuch, these components are not discussed again here and the reader isreferred to the discussion of FIG. 2A. In some embodiments, the sametechniques as described for latency-oriented router 120 (including butnot limited to, implementing as a standalone device and/or a separatecomputer running appropriate software), may be used to implement proxyrouter 123.

In some embodiments of the proxy router 123, the outgoing detector 220may additionally detect that a packet is coming from latency-orientedrouter 120 (which may, for example, happen in configurations such asshown in FIG. 1G). Such additional detection may be performed, forexample, by comparing a packet destination IP address with the IPaddress(es) of the interface(s) 202 of the proxy router 123, and/orcomparing the destination port (for example, to a port number designatedfor such communication). In some embodiments, if the packet isdetermined to come from the latency-oriented router 120, it may bedirected to deduplicator 262, and then to duplicator 250. In addition,latency-critical sessions associated with such packets, may haveassociated information to indicate such packets are coming from alatency-oriented router 120. In some embodiments, in a somewhat similarmanner, the packets coming from interface(s) 204, after going throughdeduplicator 260, may be directed to session detector 292. In someembodiments, session detector 292 may detect whether the packet belongsto the session which has associated information to indicate that it iscoming from a latency-oriented router 120. Session detector 292 mayforward such packets to duplicator 252, and all other packets tointerface 202. If the packet is determined to belong to the sessioncoming from a latency-oriented router 120, duplicator 252 may send oneor more copies of the packet over one or more interfaces 202.

In some embodiments, packets from latency-oriented router 120 to proxyrouter 123 may include additional information, such as which interfaceof proxy router 123 a packet is intended for. Proxy router 123 may usesuch information when deciding where to direct such packets. Thistechnique may be used in conjunction with techniques similar to thosetechniques described with respect to “X-Plugin” 248 used to detectlatency-oriented routers 120 and/or proxy routers 123 and/or to retrieveinformation about latency-oriented routers 120.

FIG. 2E is a block diagram illustrating an exemplary implementation of asimple proxy, according to an embodiment of the present disclosure. Insome embodiments, the same techniques as described for latency-orientedrouter 120 (including but not limited to, implementing as a standalonedevice and/or a separate computer running appropriate software), may beused to implement simple proxy 124.

In some embodiments, a packet received at one of interfaces 202 may beauthenticated by authenticator 282, then processed by session tracker284, and finally processed by proxy translator 288. Proxy translator 288may, for example, perform “proxy translation 2” followed by “proxytranslation”. After the packet is processed by proxy translator 288, itmay be sent to one of interfaces 204. A packet received at one ofinterfaces 204, may be processed by session selector 286, and then byproxy reverse translator 289. Proxy reverse translator 289 may, forexample, perform a “reverse proxy translation”. After the packet isprocessed by reverse proxy translator 289, it may be sent to one ofinterfaces 202.

In some embodiments, as it was described with respect to FIG. 2A and/orFIG. 2B, some or all of the interfaces 202 and/or 204 of the simpleproxy 124 may be “virtual interfaces”. In some embodiments, all theinterfaces 202 and 204 may be “virtual interfaces” built on top of asingle “physical interface”.

In some embodiments, all the devices illustrated by FIG. 2A-FIG. 2E, mayinclude a module, component and/or device to store “game states” (notshown). This module, component and/or device may be a separate hardwaremodule (for example, additional RAM), or may be just a part of RAM alsoused for the other purposes, and may be accessed, for example, bydeduplicator 260 to maintain “game state” (and provide updates tosubscribers) as described with respect to the proxy-to-server protocol.

In some embodiments, all the devices illustrated by FIG. 2A-FIG. 2E, mayinclude a remote updating facility (not shown). In addition toperforming bug fixes and/or adding features, in the context of thesedevices, remote updates may facilitate reacting to changes resultingfrom handling of data/packets related to different and/or newapplication types. For example, the remote updating facility may receiveinformation that a new version of a software (or part of a software suchas a shared-library or DLL that performs incoming detection for aspecific application) or some new data is available and as a resultperform an update. Examples of data which may be updated include, butare not limited to a netmask-to-ASN table, an ASN-to-owner table, a listof ports in use by a specific application type, the whole or parts of anew/updated application type (including, for example, information aboutports, formats, ASN numbers and/or netmasks application to theapplication). In some embodiments, this information may be obtained viapolling an external update server (not shown) at pre-defined orconfigurable intervals (examples if such intervals may range from onceper minute to once per day). In other embodiments, this information maybe “pushed” the device by the update server (for example, as a packetcoming from the update server to all the devices which “subscribed” tothis service). After the information about the update being available,is received, the update itself may be received from the same (ordifferent) update server. For example, the update may be received usingany of existing protocols, including, but not limited to, HTTP, HTTPS,FTP, TCP, and any other existing or future technology with similarfunctionality.

In some embodiments, packets related to updates may be treated the sameway as “other traffic”, which may facilitate uninterrupted game playwhile the update is being downloaded. In some embodiments, the updatemay be signed and the signature may be validated before the update isapplied (such validation may include, for example, checking the wholecertificate chain up to the root certificate). After the signature isvalidated, the downloaded update may be applied to change the relevantsoftware and/or data. In some embodiments, the update may be compressedand the device may perform decompression before applying the update.Compression/decompression in this context may be implemented using anyof the existing compression algorithms including, but not limited to,deflate, zip, bzip2, and/or differential update techniques such asvsdiff, bsdiff, xdelta and Courgette.

In some embodiments, in addition to (or instead of) detectinglatency-critical traffic, other categories of traffic may be detectedby, for example, outgoing detector 220. Such other categories of trafficmay include, without limitation, “interactive non-latency-critical”traffic, “video streaming traffic” and/or “download non-latency-criticaltraffic”. In some embodiments, techniques similar to those used todetect latency-critical traffic (as described herein) may be used todetect “interactive non-latency-critical” traffic, “video streamingtraffic” and/or “download non-latency-critical traffic”. In onenon-limiting example, all TCP connections going over ports 80 and/or 443with dropbox.com are detected and categorized as “download traffic”; allFTP connections regardless of IP addresses are similarly detected andcategorized as “download traffic”; all TCP connections with facebook.com(with or without regards to ports used) are detected and categorized as“interactive traffic”; and/or all TCP connections with youtube.com aredetected and categorized as “video streaming traffic”.

In some embodiments, any TCP connection may be considered “interactivenon-latency-critical” traffic until a certain pre-defined amount oftraffic is transferred over the connection, wherein transferring trafficincludes receiving and/or sending. When such pre-defined amount oftraffic is transferred, the relevant TCP connection may be re-classifiedas “download non-latency-critical traffic” or “video streaming traffic”.In some embodiments, re-classification as “download traffic” may bebased on other parameters, such as the relevant connection's elapsedtime. In some embodiments, connections may be classified based ontraffic patterns. In one non-limiting example, connections with steadytraffic may be classified as “download non-latency-critical traffic” or“video streaming traffic” depending on the amount of bandwidth consumed,wherein connections consuming less than some pre-defined amount, such as2 Mbit/s, are classified as “video streaming traffic” and otherconnections are classified as “download non-latency-critical traffic”.In contrast, connections with sharp changes in traffic or falling belowa different pre-defined bandwidth amount, such as 100 kBit/s, areclassified as “interactive non-latency-critical traffic”.

In some embodiments, information related to an application-levelprotocol (i.e., a protocol sitting on top of a TCP connection and/orSSL/TLS connection) may be used to classify traffic. For example, if aprotocol running on top of a TCP connection is HTTP and the HTTP sessionindicates transfer of the same resource (indicated by the same URL),such HTTP session may be classified as “download non-latency-criticaltraffic”. As another example, if the protocol running on top of a TCPconnection is HTTP Live Streaming (HLS), HTTP Dynamic Streaming (HDS),Microsoft Smooth Streaming or Dynamic Streaming over HTTP (DASH), suchTCP/HTTP session may be classified as “video streaming traffic”.

In some embodiments, the analysis and/or modification of informationthat belongs to an application-level protocol may include re-assemblingsome portion of the TCP stream. In one non-limiting example, such TCPre-assembly may be necessary to read and/or modify HTTP headers, whichin turn may be necessary for using an application-level protocol toclassify traffic as described above. In some embodiments, outgoingdetector 220 may perform TCP re-assembly. For example, for the receivingside of TCP communication, TCP re-assembly may be performed usingtechniques described in RFC793. Note that TCP re-assembly does notnecessarily imply terminating TCP connections as described with respectto TCP terminator 241.

In some embodiments, the detection and classification methods describedabove may be combined. For example, traffic may be classified as“download non-latency-critical traffic” and “interactivenon-latency-critical traffic” based on rules for well-known hosts;remaining connections may be classified based on application-levelprotocol; and those connections not classified by other means may beclassified based on traffic patterns, elapsed time and/or trafficthrough the connection.

In some embodiments, “interactive non-latency-critical traffic” and/or“video streaming traffic” may be used in the same manner aslatency-critical traffic is used for the purposes of “potential issuedetection” techniques and/or prioritization techniques (for example,DSCP-based techniques as described herein). In some embodiments,different “enforcement techniques” may be used for “interactivenon-latency-critical traffic” and “download non-latency-criticaltraffic”. This may allow for different processing of “interactivenon-latency-critical traffic” and “video streaming traffic”, which mayfacilitate stronger suppression of the “download non-latency-criticaltraffic” and/or prioritization of “interactive non-latency-criticaltraffic”, and which may provide for an improved web browsing experiencefor an end-user.

In some embodiments, latency-oriented router 120 may allow an end-userto control the relative priorities of two or more of the following typesof traffic: latency-critical traffic, “interactive non-latency-criticaltraffic”, “video streaming traffic” and/or “downloadnon-latency-critical traffic”. In some embodiments, latency-orientedrouter 120 may implement functionality to retrieve a list of currentdownload connections and/or to specify which of the connections shouldbe given priority, and apply such priority settings to prioritizetraffic. This may be implemented, for example, using HTTP server 206,wherein HTTP server 206 may be controlled by an external application, tocommunicate connection lists and priority settings to configurator 240,and using one or more “enforcement techniques” to implementprioritization based on the settings in configurator 240. In someembodiments, additional “enforcement techniques” and/or more stringentsettings for the same “enforcement techniques” (for example, lowerlimits for “limit-based enforcement action” as described in more detailbelow) may be used to reduce the priority of a connection.

In some embodiments, latency-oriented router 120 may implement thefollowing latency optimization for some types of TCP traffic, includingbut not limited to video streaming traffic. If a particular data rateand/or packet rate for the TCP traffic is expected (which is common invideo streaming), and TCP traffic from an interface 204 is unexpectedlydelayed, then latency-oriented router 120 may issue a TCP packetcontaining a “duplicate ACK” to the appropriate interface 204. Such“duplicate ACK” may be obtained by storing the most recent ACK sent tosuch interface 204 for each TCP session. It should be noted that, insome embodiments, storing the entire TCP packet may not be required, andthat storing the immediately previous value of the ACK field may besufficient. Latency-oriented router 120 may send a packet with aduplicate of such ACK as soon as the unexpected delay arises. In someembodiments, such duplicate ACK may help initiate a “fast retransmit”procedure on the sender's side, thus facilitating a faster recovery fromthe unexpected delay than otherwise possible.

FIG. 2F is a block diagram illustrating an exemplary implementation of aTCP-handling subsystem, which may optionally be incorporated intolatency-oriented router 120 (for example, as illustrated in FIG. 2A)and/or proxy router 123 (for example, as illustrated in FIG. 2D),according to an embodiment of the present disclosure. In suchembodiments, outgoing detector 220 may direct some or all TCP packets toTCP terminator 241. TCP terminator 241 may act as an end-point for theTCP connection by, for example, implementing a standard TCP stack andmay effectively terminate any TCP connection from interface 202. Toimplement termination, TCP terminator 241 may send packets back tointerface 202.

As a result of such termination, TCP terminator 241 may obtain portionsof TCP stream and/or target IP addresses of terminated connections. SuchTCP stream portions and/or target IP addresses may be passed to outgoingTCP detector 242. Outgoing TCP detector 242 may detect whether a TCPconnection is an “interactive” connection, “download” connection or“video” connection and send such TCP stream portions and/or target IPaddresses to interactive HTTP processor 245, download processor 244 orvideo streaming processor 243, respectively. Other traffic may be sentto other TCP processor 246. Detection of connection type by outgoing TCPdetector 242 may be implemented using application-level protocol-basedanalysis as described above and/or any other methods described herein.

In some embodiments, a TCP-handling subsystem that is functionallysimilar to the one illustrated in FIG. 2F may be implemented without TCPterminator 241. In such embodiments, TCP stream fragments may bere-assembled by such TCP-handling subsystem to allow forapplication-level protocol analysis and/or modification withoutterminating the TCP connection itself (in particular, no packets to besent from latency-oriented router 120 to interface 202 may begenerated). In such embodiments, after TCP stream fragments areprocessed by processors 243-246, such TCP stream fragments may be sentto target interfaces as TCP packets. In such embodiments, additional TCPconnections may be created and/or terminated by processors 243-246.

Each of other TCP processor 246, interactive HTTP processor 245,download processor 244 and video streaming processor 243 may initiateits own TCP connection(s) with interface 204 using, for example, targetIP addresses received from outgoing TCP detector 242. In someembodiments, there may be no one-to-one correspondence between incomingTCP connections (terminated by TCP terminator 241) and outgoing TCPconnections (initiated by other TCP processor 246, interactive HTTPprocessor 245, download processor 244 or video streaming processor 243).For example, for an incoming TCP connection there may be more than oneoutgoing TCP connection. In other embodiments, there may be suchone-to-one correspondence, wherein instead of terminating incoming TCPconnection at TCP terminator 241 and establishing a new TCP connectionin one of processors 243-246, packets belonging to incoming TCPconnection may be forwarded, with or without other modificationsdescribed herein.

All processors 243-246 may implement one or more “potential issuedetection” techniques” and/or “enforcement techniques”. Any suchprocessor 243-246 may ensure that packets it sends toward interface 204(for example, as part of a TCP connection it initiates) have specificDSCP values, such as those DSCP values discussed with respect toduplicator 250.

In some embodiments, other TCP processor 246 may establish one outgoingTCP connection for each incoming TCP connection. In some embodiments,other TCP processor 246 may balance outgoing TCP connections acrossdifferent interfaces 204.

In some embodiments, processors 243-245 may implement the detection of“hanging” TCP connections and the automated re-reissue of idempotentrequest(s), such as HTTP GET/OPTIONS/HEAD request. Such idempotentrequest(s) may be automatically re-issued without dropping the originalrequest. In such cases, if a reply to the original request arrivesbefore a reply to the second request, the reply to the first request maybe returned to the incoming TCP connection, and/or the second outgoingrequest may be aborted. In some embodiments, detection of “hanging” TCPconnections may be accomplished using timeouts. It should be noted thatdifferent processors may use different timeouts for the detection of“hanging” TCP connections. As a non-limiting example, download processor244 may use a timeout of 5 minutes; video streaming processor 243 mayuse a timeout of 15 seconds for initial request and 5 seconds forsubsequent requests; and interactive HTTP processor 245 may use atimeout of 20 seconds. In some embodiments, when a request is re-issued,such re-issued request may be over a different interface 204 from theinterface 204 used for the original request.

In some embodiments, in addition to implementing any of the techniquesdescribed above, interactive HTTP processor 245 may split incoming HTTPrequests from a single incoming TCP connection into the same HTTPrequests over multiple outgoing TCP connections. In some embodiments,HTTP requests may be modified, for example, by splitting a single HTTPrange request into two or more HTTP range requests, and as described inmore detail below. In some embodiments, interactive HTTP processor 245may perform protocol conversion between any of the protocols capable ofcarrying HTTP requests, including but not limited to HTTP/1, QUIC, SPDYand/or HTTP/2. Thus, interactive HTTP processor 245 may establishHTTP/1, QUIC, SPDY or HTTP/2 outgoing connections, even if the type ofincoming connection is different. In some embodiments, interactive HTTPprocessor 245 may balance outgoing TCP connections and/or HTTP requestsacross different interfaces 204. Implementation of any techniquesdescribed above may improve interactivity of end-user web browsing.

In some embodiments, in addition to implementing one or more of thetechniques described above, download processor 244 may implement one ormore of the techniques described with respect to interactive HTTPprocessor 245. In addition, download processor 244 may split one HTTPrange request into two or more HTTP range requests. Such split HTTPrange requests may be transmitted over different TCP connections. Insome embodiments, in addition to (or instead of) HTTP requests, similartechniques may be applied to BitTorrent file pieces. Implementation ofany techniques described above may accelerate end-user downloads.

In some embodiments, in addition to implementing one or more of thetechniques described above, video streaming processor 243 may implementone or more of the techniques described with respect to downloadprocessor 244. Video streaming processor 243 may use different (forexample, significantly smaller) timeouts than download processor 244. Insome embodiments, video streaming processor 243 may recognize that videostreaming is in progress and issue outgoing HTTP requests even if suchrequests were not yet requested over the incoming TCP connection.Replies to such HTTP requests may be stored within latency-orientedrouter 120 and may be served from storage, thus obviating the need torequest the information from the server if such replies are requestedover incoming TCP connection. In some embodiments, video streamingprocessor 243 may issue each HTTP request over more than one interface204 in a manner similar to that of duplicator 250. Some such duplicateHTTP requests may also be delayed in a manner similar to that ofduplicator 250. Implementation of any of the techniques described abovemay accelerate and/or smoothe end-user video streaming.

In some embodiments in which a TCP connection is encrypted (for example,using SSL or TLS, which are routinely used for HTTPS requests),performing application-level protocol analysis and/or notification maybe impossible. To facilitate handling of encrypted application-levelconnections, several different techniques may be used, as described inmore detail below.

In some embodiments, to facilitate handling encrypted application-levelconnections, TCP terminator 241 may terminate not only TCPconnection(s), but also SSL/TLS connection(s). In such embodiments,outgoing connections established by processors 243-246 may be SSL/TLSconnections. Such connection terminations may allow for decryption ofthe stream and analysis and/or modification of the application-levelprotocol as if they were not encrypted. However, providing a validSSL/TLS certificate when terminating an incoming SSL/TLS connectionpresents significant complications. To resolve such complications,latency-oriented router 120 may include its own private key and maygenerate a certificate for an incoming SSL/TLS connection, wherein theCommon Name field corresponds to the domain being requested. Suchcertificate may be signed by latency-oriented router 120's private key.Use of such technique may require installing the certificate of thelatency-oriented router 120 into web browsers using this feature. Thistechnique may present security risks, so, in some embodiments, its usemay be disabled by default. Enabling use of such technique may requireaction by the end-user, such as, without limitation, modifying settingsin configurator 240 via HTTP server 206.

FIG. 2G is a block diagram illustrating another exemplary implementationof a TCP-handling subsystem, according to an embodiment of the presentdisclosure. In some embodiments, the incorporation of outgoing HTTPdetector 242A as illustrated in FIG. 2G may be used as a part oflatency-oriented router 120 running on user device 110 in order tofacilitate handling encrypted application-level connections.Implementation of outgoing HTTP detector 242A as illustrated in FIG. 2Gmay be used, for example, in configurations illustrated in FIG. 1F.Browser plugin 247 may intercept HTTP requests and/or other requests,including but not limited to Websocket data, from web browsers runningon user device 110. Browser plugin 247 may feed such interceptedrequests to outgoing HTTP detector 242A. Outgoing HTTP detector 242A maywork in a manner similar to outgoing TCP detector 242, but may useintercepted HTTP requests rather than TCP stream fragments as itsinputs. Such intercepted requests may then be processed by processors243-246 and then may be fed back to the web browser, which may, in turn,encrypt the intercepted requests and/or send them over TCP.

Some embodiments, such as the embodiment illustrated in FIG. 2G, may beused to implement “X-Plugin” 248, which may then be used inconfigurations such as the embodiment illustrated in FIG. 1K. In someembodiments, “X-Plugin” 248 may intercept HTTP requests as such requestsare initiated by a web browser and forward such requests tolatency-oriented router 120 (or proxy router 123). In some embodiments,“X-Plugin” 248 may be implemented using a web browser plugin.

In some embodiments, “X-Plugin” 248 may be unable to send requests overdifferent outgoing interfaces directly and may use one or moreadditional protocols to indicate to latency-oriented router 120 which ofthe requests should be sent over each interface 204 of thelatency-oriented router 120. Latency-oriented router 120 may use suchindications to forward the requests to its different interfaces 204. Oneexample of such additional protocol may comprise a separate HTTP request(for example, directed to latency-oriented router 120 itself), whereinsuch HTTP request includes fields “target_IP” and “interface_number” andindicates that the next TCP request to “target_IP” should be forwardedto the interface 204 identified by “interface_number”. Another exampleof such additional protocol includes the addition of information about atarget interface 204 and a target IP address to the beginning of a TCPstream, which TCP stream may be addressed to latency-oriented router 120itself (i.e., may have target address of latency-oriented router 120).The remainder of such TCP stream may contain an encrypted SSL/TLSsession.

In some embodiments, latency-oriented router 120 may allow “X-Plugin”248 (or any other device, including but not limited to anotherlatency-oriented router 120 and/or a proxy router 123) to detect thatits Internet connection is served by latency-oriented router 120. Thismay be implemented, for example, using any UPnP protocol, Rendezvousprotocol or any protocol conceptually similar to NAT-PMP or PCP (or anextension to existing NAT-PMP or PCP protocol).

In some embodiments, to allow for detection of whether an Internetconnection is served by latency-oriented router 120 and/or proxy router123, latency-oriented router 120 may intercept outgoing packets andanalyze such packets to determine whether they follow one or morepre-defined patterns (for example, using a pre-defined TCP and/or UDPport as a target port, and a pre-defined IP address as a target IPaddress). In one non-limiting example, latency-oriented router 120 (orproxy router 123) may intercept outgoing packets going to pre-defined IPaddress(es) over pre-defined TCP and/or UDP port(s). In suchembodiments, “X-Plugin” 248 may issue an outgoing request that conformsto a pre-defined pattern and that is intended, for example, for anInternet host. Such request, when proceeding through an upstreamlatency-oriented router 120 (or proxy router 123), may be interceptedand replied to by the latency-oriented router 120 (or proxy router 123)closest to the user device 110 which has issued such request. Such replymay serve as an indication to the requestor that there is alatency-oriented router 120 (or proxy router 123) between the requestorand the Internet. In some embodiments, another latency-oriented router120 or proxy router 123 may serve as a requestor instead of “X-Plugin”248.

In some embodiments, more than one request conforming to a pre-definedpattern may be sent by a requestor to identify its upstreamlatency-oriented routers 120 and/or proxy routers 123, if any. In somesuch embodiments, the requestor may send such requests over differentupstream interfaces.

In some embodiments, packets and/or connections matching pre-definedpatterns may be used in lieu of packets and/or connections addressed tolatency-oriented router 120 (or proxy router 123). This may be ofparticular interest in embodiments in which there are multiplelatency-oriented routers 120 and/or proxy routers 123 for the samerequestor (such as user device 110 or another latency-oriented router120 or proxy router 123) and the route for each packet is selected ordetermined by the requestor individually. In such embodiments,transmitting packets to “upstream” routers by using the IP address ofthe “upstream” router may result in undesirable packet traffic patterns,but transmitting packets to “upstream” routers via pattern matching topre-defined patterns as described above may allow each packet to reachthe appropriate latency-oriented router 120 and/or proxy router 123 forfurther processing.

In some embodiments, latency-oriented router 120 and/or proxy router 123may use one or more detection methods described herein to detect whetherthere is an “upstream” proxy router 123. In some embodiments,latency-oriented router 120 and proxy router 123 may communicate using aprotocol similar to the “additional protocol” described above withrespect to communications between “X-Plugin” 248 and latency-orientedrouter 120.

In some embodiments, latency-oriented router 120 may allow “X-Plugin”248 (or any other client application and/or other router) to retrieveinformation, such as a list of its interfaces and their properties, thepresence of “upstream” latency-oriented routers and/or proxy routers,and so on. Such “X-Plugin” 248 functions may be implemented as anyrequest-response protocol, including but not limited torequest-responses over UDP, TCP or HTTP(s).

With respect to the discussion of FIGS. 3A-3G that follows, it is notedthat all values noted for IP addresses, port numbers, session_IDs,packet_IDs and/or any other fields are merely exemplary and solely forthe purpose of facilitating a clear explanation of the presentdisclosure. It is further noted that although in FIGS. 3A-3G portnumbers are different on different devices (and the same for differentinterfaces on the same device), this is merely exemplary and is notintended to narrow the scope of the present disclosure. Any two portnumbers may be the same or different without departing from the scope ofpresent disclosure. For purposes of discussion with respect to FIGS.3A-3G, the notation “A.B.C.D:E” may be used, where “A.B.C.D” is an IPv4or IPv6 IP address, and E is the port number. It is also noted that itis not required that different “sides” of the same device (such aslatency-oriented proxy 121 and/or intermediate proxy 122) have the sameIP address; these addresses may be different without departing from thescope of present disclosure. Further, “port”, as indicated in FIGS.3A-3G and as discussed below, could be either a UDP port or a TCP port.

FIG. 3A illustrates modification of the IP packets, according to anembodiment of the present disclosure. In this embodiment, all thepackets exchanged may be latency-critical UDP packets (and the portsmentioned may be UDP ports). Alternatively, the packets exchanged may beTCP packets (and the ports mentioned may be TCP ports).

In the example of FIG. 3A, a user device 110 has an IP address 10.0.0.3,and sends a request with “payload1” to server 180 (which has an IPaddress of 1.2.3.4), port 456 (while listening on port 123 where itexpects to receive replies). To send such a request, user device 110 maysend exemplary packet 301 with source IP:port=10.0.0.3:123, destinationIP:port=1.2.3.4:456, and packet body consisting of payload1. Packet 301may travel over the network and arrive at latency-oriented router 120(which may have a home-network-facing IP address of 10.0.0.1). At thispoint, latency-oriented router 120 may get the packet (for example, bylistening on a SOCK_RAW Berkeley socket), and pass it to the core 210 ofthe latency-oriented router 120. Within core 210, upon receiving thepacket, duplicator 250 may create two copies of the original packet, andsend each copy to one of two external interfaces 140, with one of theseinterfaces in this exemplary embodiment having IP address 5.6.7.8, andanother interface having IP address of 9.10.11.12. Latency-orientedrouter 120 may use port 888 to receive replies.

In some embodiments, duplicator 250 may create a latency-criticalsession with associated information to facilitate processing of thereply packets, as discussed with respect to FIG. 3B.

The first copy 301(1) may be sent to ISP 140A over the interface 130A,and may have source IP:port=5.6.7.8:888 and destinationIP:port=91.92.93.94:777 (where 91.92.93.94 is an IP address oflatency-oriented proxy 121, and 777 is a port where latency-orientedproxy 121 listens for the traffic from latency-oriented routers). Thebody of first copy 301(1) may include payload1, as well as some optionalfields, such as: session_ID (to identify the session to which the packetbelongs to the latency-oriented proxy), packet_ID (to facilitatededuplication), and proxy_target (so that the latency-oriented proxyknows where to send the packet). The second copy 301(2) may be sent toISP 140B over the interface 130B, and may have sourceIP:port=9.10.11.12:888. Destination IP:port and body of the second copy301(2) may be the same as that of the copy 301(1) (this may include thebody having the same optional fields as the first copy 301(1)).

Copies 301(1) and 301(2) travel over the Internet (via ISP 140A and ISP140B respectively), and reach latency-oriented proxy 121.Latency-oriented proxy 121 may receive the packet (for example, bylistening on a SOCK_RAW or SOCK_DGRAM Berkeley socket), and may pass itto the core 211 of the latency-oriented proxy 121.

In some embodiments, within core 211, when the first (by time ofarrival) of the copies 301(1) or 301(2) reaches deduplicator 262, apacket 304 may be emitted (and the second copy by time of arrival may bedropped). In some embodiments, deduplicator 262 may create alatency-critical session and/or “virtual interfaces” to facilitateprocessing of the reply packets, as discussed with respect to FIG. 3B.In some embodiments, as illustrated in FIGS. 3A and 3B, Internet 144shown to the right of the latency-oriented router 121, may be the sameas Internet 144 shown to the left of the latency-oriented router 121. Insome embodiments, the physical interface (such as Ethernet) on the rightside of latency-oriented router 121 may be the same physical interfaceas the interface on the left side of latency-oriented router 121.

Packet 304 may have source_IP:port=91.92.93.94:666 (with 666 being aport where latency-oriented router 121 expects to receive replies fromserver 180; this port may be different for each session betweenlatency-oriented router 121 and server 180), and destinationIP:port=1.2.3.4.:456. The body of the packet 304 may be payload1. Asobserved, packet 304 may be identical to packet 301, except for thesource IP:port. Packet 304 may arrive to server 180, where packet 304may be processed in a usual manner.

FIG. 3B illustrates the transmission of the reply packet, according toan embodiment of the present disclosure. For example, reply packet 311may be transmitted in a system similar to that illustrated in FIG. 3A.In an embodiment, reply packet 311 is sent by server 180, withsource_IP:port=1.2.3.4:456, destination IP:port=91.92.93.94:666, and thebody being payload2. On arrival to latency-oriented proxy 121, packet311 may be sent to duplicator 252, which creates two copies of thepackets: 311(1) and 311(2). In one example, these copies may be furthersent by the duplicator 252 to different “virtual interfaces” (which mayinclude changing the target IP address of the packet, as described withrespect to duplicator 250). These “virtual interfaces” may be associatedwith the latency-critical session, and both the latency-critical sessionand the “virtual interfaces” may have been created when packets 301(1)and 301(2) were sent from user device 110 to server 180, as shown inFIG. 3A. In this manner, as “virtual interfaces” may modify target IPand/or target-port, the copies may have different destination IPaddresses.

In some embodiments, when sent by the latency-oriented proxy 121, thefirst copy 311(1) may have source IP:port=91.92.93.94:777 anddestination IP:port=5.6.7.8:888, and the packet body may containsession_ID, packet_ID, and payload2. The second copy 311(2) may havedestination IP:port=9.10.11.12:777, and may have a source IP:port and abody that is the same as the first copy 311(1). When thefirst-by-time-of-arrival of the copies 311(1) or 311(2) reaches thelatency-oriented router 120, a packet 314 may be emitted (and the secondcopy by time of arrival may be dropped). Packet 314 may have sourceIP:port=1.2.3.4:456, and destination IP:port=10.0.0.3:123. Note that thedestination IP:port of packet 314 may be obtained from alatency-critical session (and/or associated information), which may havebeen created when the packets 301(1) or 301(2) were travelling from theuser device 110 to the server 180, as shown in FIG. 3A. The body ofpacket 314 may be payload2. As observed, packet 314 may be identical topacket 311, except for the destination IP:port.

In some embodiments, given that packets 301 and 304 are identical exceptfor the source IP address:port, and packets 311 and 314 are identicalexcept for the destination IP:port, neither user device 110 nor server180 needs to have any knowledge of the changes to the packets made enroute. Thus, changes may be needed to the normal operation of userdevice 110 or server 180 for them to be compatible with thelatency-oriented router and latency-oriented proxy. From the perspectiveof user device 110 and server 180, the system is indistinguishable fromNAT (and more specifically—from NAPT), despite the observation thatNAT/NAPT is implemented in a distributed manner.

FIG. 3C illustrates further modifications to latency-critical IP packetsshown in FIG. 3A when an intermediate proxy is in the transmission path,according to an embodiment of the present disclosure. Packetmodifications shown in FIG. 3C may, for example, be performed inembodiments as shown in FIG. 1E. Similar to FIG. 3A and FIG. 3B, all thethree Internets 144 in FIG. 3C may be the same.

As substantial parts of the processing of packets in FIG. 3C are similarto that shown in and described with respect to FIG. 3A, only differencesfrom the processing shown in FIG. 3A are described herein. In anembodiment shown in FIG. 3C, latency-oriented router 120, in response toreceiving packet 301, may send two copies, 301(3) and 301(4), of thepacket to the intermediate proxy 122. The destination IP of both copies301(3) and 301(4) may be set as an IP address of an intermediate proxy122 (for example, 81.82.83.84 in FIG. 3C), and the destination port ofboth copies may be set as a port on which the intermediate proxy isready to receive the packets (for example, port 776 in FIG. 3C).Intermediate proxy 122 may process the first of the packets 301(3) or301(4) that it receives (by time of arrival) in the deduplicator 262,and then pass the processed packet to the duplicator 250. Duplicator 250of intermediate proxy 122 may send one or more copies of the packet itreceives from the deduplicator 262 (shown as 301(5) and 301(6) in FIG.3C) to the latency-oriented proxy 121. The source IP address of bothcopies 301(5) and 301(6) may be set as an IP address of the intermediateproxy 122 (1.82.83.84 in FIG. 3C), and the source IP port of bothpackets may be set as a port on which the intermediate proxy 122 isready to receive packets (665 in FIG. 3C). The destination IP addressand destination port of both copies 301(5) and 301(6) may be set as anIP address of the latency-oriented proxy 121 and a port on which thelatency-oriented proxy is ready to receive packets (91.92.93.94 and 777,respectively in FIG. 3C). In some embodiments, the intermediate proxy122 may assign a new value for the session_ID field (357 in FIG. 3C),but may retain the same value for the packet_ID field for copies 301(5)and 301(6) (as compared to these values in copies 301(3) and 301(4)). Insome embodiments, intermediate proxy 122 may keep the same values forthe session_ID and packet_ID fields for copies 301(5) and 301(6) (ascompared to these values in copies 301(3) and 301(4)). When received bythe latency-oriented proxy 121, copies 301(5) and 301(6) may beprocessed by the latency-oriented proxy in a manner that is the same orsimilar as that described with respect to packets 301(1) and 301(2) asshown in FIG. 3A.

It is to be understood that although that the preceding discussion wasin reference to two copies, the latency-oriented router 120 and/orintermediate proxy 122 may generate any number of copies of the packets.Additionally, the number of copies of the packets that are transmittedby the latency-oriented router 120 may differ from the number of copiesgenerated by the intermediate proxy 122.

FIG. 3D illustrates further modifications to latency-critical replypackets shown in FIG. 3B when an intermediate proxy is in thetransmission path, according to an embodiment of the present disclosure.Packet modifications shown in FIG. 3D may, for example, be performed inembodiments as shown in in FIG. 1E. Similar to FIG. 3C, all the threeInternets 144 in FIG. 3D may be the same.

As substantial parts of the processing of packets in FIG. 3D are similarto that shown in and described with respect to FIG. 3B, only differencesfrom the processing shown in FIG. 3B are described herein. In anembodiment shown in FIG. 3D, latency-oriented proxy 121, in response toreceiving packet 311, may send two copies, 311(3) and 311(4), of thepacket to the intermediate proxy 122. The destination IP of both copies311(3) and 311(4) may be set as an IP address of an intermediate proxy122 (for example, 81.82.83.84 in FIG. 3D), and the destination port ofboth packets may be set as a port on which the intermediate proxy isready to receive the packet (for example, 665 in FIG. 3D). Intermediateproxy 122 may process the first of the packets 311(3) or 311(4) that itreceives (by time of arrival) in deduplicator 260, and then pass theprocessed packet to the duplicator 252. Duplicator 252 of intermediateproxy 122 may send one or more copies of the packet it receives from thededuplicator 260 (copies shown as 311(5) and 311(6) in FIG. 3D) to thelatency-oriented router 120. The source IP address of both copies 311(5)and 311(6) may be set as an IP address of the intermediate proxy 122(81.82.83.84 in FIG. 3D), and the source IP port of both packets may beset as a port on which the intermediate proxy 122 is ready to receivepackets (776 in FIG. 3D). The destination IP address of the packets311(5) and 311(6) may be set as an IP address of the latency-orientedrouter 120 (5.6.7.8 and 9.10.11.12, respectively in FIG. 3D), and thedestination port of the packets 311(5) and 311(6) may be set as a porton which the latency-oriented router 120 is ready to receive packets(888 in FIG. 3D). In some embodiments, the intermediate proxy 122 mayassign a new value for the session_ID field (999 in FIG. 3D), but mayretain the same value for the packet_ID field for copies 311(5) and311(6) (as compared to these values in copies 311(3) and 311(4)). Insome embodiments, intermediate proxy 122 may keep the same values forthe session_ID and packet_ID fields for copies 311(5) and 311(6) (ascompared to these values in copies 311(3) and 311(4)). When received bythe latency-oriented router 120, copies 311(5) and 311(6) may beprocessed by the latency-oriented router in a manner that is the same orsimilar as that described with respect to packets 311(1) and 311(2) asshown in FIG. 3B.

It is to be understood that although that the preceding discussion wasin reference to two copies, the latency-oriented proxy 121 and/orintermediate proxy 122 may generate any number of copies of the packets.Additionally, the number of copies of the packets that are transmittedby the latency-oriented proxy 121 may differ from the number of copiesgenerated by the intermediate proxy 122.

FIG. 3E illustrates further modifications to latency-critical IP packetsshown in FIG. 3A when one or more simple proxies 124 are in thetransmission path, according to an embodiment of the present disclosure.Packet modifications shown in FIG. 3E may, for example, be performed inembodiments shown in FIG. 1H. Similar to FIG. 3C, all the threeInternets 144 in FIG. 3E may be the same.

As substantial parts of the processing of packets in FIG. 3E are similarto that shown in and described with respect to FIG. 3A, only differencesfrom the processing shown in FIG. 3A are described herein. In anembodiment shown in FIG. 3E, latency-oriented router 120, in response toreceiving packet 301, may send two copies of the packet, 301(7) and301(8), to the simple proxies 124A and 124B, respectively. Thedestination IP of the packet 301(7) may be set as an IP address of thesimple proxy 124A (for example, 71.72.73.74 in FIG. 3E), and thedestination port of the packet 301(7) may be set as a port on which thesimple proxy 124A is ready to receive packets (for example, port 771 inFIG. 3E). The destination IP of the copy 301(8) may be set as an IPaddress of the simply proxy 124B (for example, 61.62.63.64 in FIG. 3E),and the destination port of the copy 301(8) may be set as a port onwhich the simple proxy 124B is ready to receive packets (for example,port 762 in FIG. 3E). Each of simple proxies 124 may process therespective packet that it receives by sending it to the proxy translator288. The proxy translator of each simple proxy 124 may process itsrespective packet and then send it to a respective interface 204. Therespective interface 204 of each of simple proxy 124A and 124B transmitspackets 301(9) and 301(10), respectively, to a latency-oriented proxy121. The source IP address of copy 301(9) of the packet may be set as anIP address of the simple proxy 124A (71.72.73.74 in FIG. 3E), and thesource IP port of the packet may be set as a port on which the simpleproxy 124A is ready to receive packets (port 662 in FIG. 3E). The sourceIP address of copy 301(10) of the packet may be set as an IP address ofthe simple proxy 124B (61.62.63.64 in FIG. 3E), and the source IP portof the packet may be set as a port on which the simple proxy 124B isready to receive packets (port 648 in FIG. 3E). The destination IPaddress and destination port of both packets 301(9) and 301(10) may beset as an IP address of the latency-oriented proxy 121 and a port onwhich the latency-oriented proxy is ready to receive packets(91.92.93.94 and 777 respectively in FIG. 3E). In some embodiments, thesimple proxies 124 may assign a new value for the session_ID field, butmay retain the same value for the packet_ID field for copies 301(9) and301(10) (as compared to these values in copies 301(7) and 301(8)). Insome embodiments, the simple proxies 124 may keep the same values forthe session_ID and packet_ID fields for copies 301(9) and 301(10) (ascompared to these values in copies 301(7) and 301(8)). When received bythe latency-oriented proxy 121, copies 301(9) and 301(10) may beprocessed by the latency-oriented proxy in a manner that is the same orsimilar as that described with respect to packets 301(1) and 301(2) asshown in FIG. 3A.

FIG. 3F illustrates further modifications to latency-critical replypackets shown in FIG. 3B when one or more simple proxies are in thetransmission path, according to another embodiment of the presentdisclosure. Packet modifications shown in FIG. 3F may, for example, beperformed in embodiments as shown in FIG. 1H. Similar to FIG. 3C, allthree Internets 144 in FIG. 3F may be the same.

As substantial parts of the processing of packets in FIG. 3F are similarto that shown in and described with respect to FIG. 3B, only differencefrom the processing shown in FIG. 3B are described herein. In anembodiment shown in FIG. 3F, latency-oriented proxy 121, in response toreceiving packet 311, may send two copies of the packets, 311(7) and311(8) to the simple proxies 124A and 124B, respectively. Thedestination IP of the copy 311(7) may be set as an IP address of thesimple proxy 124A (for example, 71.72.73.74 in FIG. 3F), and thedestination port of the packet 311(7) may be set as a port on which thesimple proxy 124A is ready to receive packets (for example, port 662 inFIG. 3F). The destination IP of the copy 311(8) may be set as an IPaddress of the simple proxy 124B (for example, 61.62.63.64 in FIG. 3F),and the destination port of the packet 311(8) may be set as a port onwhich the simple proxy 124B is ready to receive packets (for example,port 648 in FIG. 3F). Each of simple proxies 124 may process therespective packet that it receives by sending it to the proxy reversetranslator 289. The proxy reverse translator of each simple proxy 124may process its respective packet and then send it to a respectiveinterface 202. The respective interface 202 of each of simple proxy 124Aand 124B transmits packets 311(9) and 311(10), respectively, to alatency-oriented router 120. The source IP address of copy 311(9) of thepacket may be set as an IP address of the simple proxy 124A (71.72.73.74in FIG. 3F), and the source IP port of the packet may be set as a porton which the simple proxy 124A is ready to receive packets (port 771 inFIG. 3F). The source IP address of copy 311(10) of the packet may be setas an IP address of the simple proxy 124B (61.62.63.64 in FIG. 3E), andthe source IP port of the packet may be set as a port on which thesimple proxy 124B is ready to receive packets (port 762 in FIG. 3F). Thedestination IP address and destination port of packet 311(9) may be setas an IP address of the latency-oriented router 120 and a port on whichthe latency-oriented router is ready to receive packets (5.6.7.8 and888, respectively in FIG. 3F). The destination IP address anddestination port of packet 311(10) may be set as another IP address ofthe latency-oriented router 120 and a port on which the latency-orientedrouter is ready to receive packets (9.10.11.12 and 888, respectively inFIG. 3F). In some embodiments, the simple proxies 124 may assign a newvalue for the session_ID field, but may retain the same value for thepacket_ID field for copies 311(9) and 311(10) (as compared to thesevalues in copies 311(7) and 311(8)). In some embodiments, the simpleproxies 124 may keep the same values for the session_ID and packet_IDfields for copies 311(9) and 311(10) (as compared to these values incopies 311(7) and 311(8)). When received by the latency-oriented router121, copies 311(9) and 311(10) may be processed by the latency-orientedrouter in a manner that is the same or similar as that described withrespect to packets 311(1) and 311(2) as shown in FIG. 3A.

FIG. 3G illustrates transmission of latency-critical packets withpossible modifications to the IP packets, according to an embodiment ofthe present disclosure. For example, such modification may be performedin embodiments as shown in FIG. 1I.

In the example of FIG. 3G, a user device 110A sends a request with a“payload1” to a user device 110A. User devices 110A and 110B each are“behind” latency-oriented routers 120A and 120B, respectively. It is tobe understood that the IP addresses, port numbers, session_ID, andpacket_ID numbers are exemplary and serve to facilitate the presentdisclosure and are not otherwise limiting in any manner. User device110A may send exemplary packet 301 to the user device 110B. Packet 301may have source_IP: port=10.0.0.3:123 and destination port 1.2.3.4:890,and a packet body consisting of payload1. Packet 301 is transmitted overthe network and arrives at latency-oriented router 120A. Thelatency-oriented router 120A receives the packet over an interface andpasses it to core 210. In the present exemplary embodiment, duplicator250 may create four copies of the original packet 301 (301(11) through301(14)). Each of the four copies is transmitted to an ISP 140 throughone of two interfaces in latency-oriented router 120A. The twointerfaces of the latency-oriented router are assumed to have IPaddresses 5.6.7.8 and 9.10.11.12. In the embodiment of FIG. 3G, thelatency-oriented router 120A may use port 888 to receive replies.

In the current exemplary embodiment, the first copy 301(11) of thepacket is sent to ISP 140A over the connection 130A, and may have asource IP:port=5.6.7.8:888 and a destination IP:port=1.2.3.4:890,corresponding to an IP address of the latency-oriented router 120B and aport on which the latency-oriented router 120B is ready to receivepackets from other latency-oriented routers. The second copy 301(12) ofthe packet may be sent to the same ISP 140A over the same connection130A, but may have destination IP:port=13.14.15.16:890, corresponding toa second IP address of the latency-oriented router 120B. In someembodiments, the first or second copy may be delayed (for example asdescribed above with respect to duplicator 250).

The third copy 301(13) of the packet may be sent to ISP 140B over theconnection 130B, and may have a source IP:port=9.10.11.12:888 and adestination IP:port=1.2.3.4:890. The fourth copy 301 (14) of the packetmay be sent to the same ISP 140B over the same connection 130B, but mayhave destination IP:port=13.14.15.16:890. The third or fourth copy maybe delayed (for example as described above with respect to duplicator250).

The body of the packets 301(11) through 301(14) each contain payload1.Some or all of the copies 301(11) through 301(14) may optionally furtherinclude a session_ID field, a packet_ID field and/or VPORT fields.

Sending two different copies of the same packet (e.g., 301(11) and301(12), or 301(13) and 301(14)) over the same connection (e.g., 130A or130B, respectively) may be implemented, for example, by using virtualinterfaces. As described above, for example, such virtual interfaces mayhave an associated target_IP address and/or target_port, and may changethe values of the target_IP address and/or target_port fields of thepacket to the values associated with the virtual interface.

In the exemplary embodiment of FIG. 3G, the transmission path of thepacket 301(11) may be via ISP 140A and the Internet and ISP 140C; thetransmission path of the packet 301(12) may be via ISP 140A and theInternet and ISP 140D; the transmission path of packet 301(13) may bevia ISP 140B and the Internet and ISP 140C; and the transmission path ofpacket 301(14) may be via ISP 140B and the Internet and ISP 140D.Accordingly, in the embodiment of FIG. 3G, four different copies of thepacket 301 may travel over four different paths to reach the samedestination. This ensures that at least one of the copies reaches thedestination if any of the four paths is operational. Additionally, ifthere may be probabilistic packet drops along some of the paths (asmight occur when AQM routers are present along the transmission path),the chances that at least one of the packets will be delivered isincreased.

On the receiving end, one or more of the packets 301(11) through 301(14)may be received by latency-oriented router 120B. Latency-oriented router120B may “listen” for packets, for example, on a SOCK-RAW or SOCK_DGRAMBerkley socket and pass the received packet to its core 210. Within core210, the first of the received copies 301(11)-301(14) (by time ofarrival) may be passed to the deduplicator 260, and eventually thelatency-oriented router 120B may transmit a packet 304 containingpayload1 to the user device 120B. The second, third, and fourth copiesof the packet (by time of arrival) may be dropped.

Packet 304 may have source IP:port=5.6.7.8:888 (i.e., the source IP andport number of the latency-oriented router 120A). The port number may beobtained, for example, from the VPORT field. Alternatively, thelatency-oriented router 120B may assign another source port number tothe packet 304 using any NAPT technique for selecting the port number,or using any port number so long as the port number makes the pair(5.6.7.8:port) unique among all the sessions to which thelatency-oriented router 120B is a party. The values for thetarget_IP:port of the packet 304 (e.g., 192.168.0.5:456 in FIG. 3G) maybe derived, for example, from a record in a “static assignment” table.The “static assignment” table may be obtained from, for example, theconfigurator 240. Such a “static assignment” table may include a rule,for example, that all packets directed to 1.2.3.4:890 are redirected to192.168.0.5:456.

In an alternative embodiment, the target IP:port of the packet 304 maybe determined by trying to match the source IP address and/or port (orVPORT) value in the incoming packet to the target IP address and/or portvalue in an existing “outgoing” latency-critical session. If such amatch is found, then the target_IP:port of the packet 304 may be set tothe same value as the source IP:port of the existing “outgoing” session.This technique may facilitate “hole punching” techniques”, which arecommonly used for NAT traversal. In some embodiments, protocols such as“classical STUN” or STUN (as described, for example, in RFC3489, RFC5389and/or RFC5766, the entirety of each of which is incorporated herein byreference) may be used in addition to “hole punching” techniques toestablish the session between the user devices 110A and 110B.

It should be noted that packet flow in the opposite direction (i.e.,packets sent from the user device 110B to the user device 110A) may alsouse the same technique of sending up to four packets over up to fourdifferent paths formed by the two interfaces of the latency-criticalrouter 120B and the two interfaces of the latency-critical router 120A.

It is further to be understood that the embodiment with respect to FIG.3G may be generalized as an N×M packet transmission schema, wherein onecommunication device has N interfaces and the other communication devicehas M interfaces (where N and M are integers equal or greater than one,and where N and M need not be the same integer). In such a schema, up toN×M different paths may be formed between the interfaces. Devices maysend copies of packets over some or all of the paths of this matrix byselecting the interfaces over which to send a copy of the packet anddestination address of the copy.

It is also within the scope of the present disclosure to include one ormore proxies (such as latency-critical proxy 121, intermediate proxy122, and/or simple proxy 124) between the latency-oriented routers 120Aand 120B. In such an embodiment, the latency routers 120 may optionallyuse the public IP address of the proxy(ies) to establish a communicationlink, instead of (or in addition to) relying on “hole punching”techniques. It is also within the scope of the present disclosure forone or more of the proxy(ies) to implement a TURN server as described,for example, in RFC5766.

It is to be understood that the technique of transmitting multiplecopies of a packet over multiple ISPs is not limited to embodiments inwhich a latency-oriented router communicates with anotherlatency-oriented router (as discussed with respect to FIG. 3G) but maybe used with any of the embodiments discussed herein including, but notlimited to, embodiments in which a latency-oriented router communicateswith a latency-oriented proxy.

FIG. 4A is a flow diagram illustrating the operation of alatency-oriented router according to an embodiment of the presentdisclosure. For ease of explanation, method 400 will be described withrespect to latency-oriented router 120 of FIG. 2A, as described aboveand for a situation in which a packet is received on interface(s) 202.However, method 400 is not intended to be limited thereto.

At stage 402, a packet may be received from user device 110 at one ofinterfaces 202. At stage 404, the type of the incoming packet may bedetermined. For example, outgoing detector 220 may determine if thepacket belongs to latency-critical traffic or other traffic. If thepacket belongs to latency-critical traffic, the method may proceed tostage 406; if it belongs to “other traffic”, the method may proceed tostage 416.

At stage 406, “X-Fragmentation” may be performed on the packet. At stage408, the packet may be duplicated to generate one or more copies. Forexample, duplicator 250 may create one or more copies of the packet,intended for one or more interfaces 204. In some embodiments, there maybe N copies intended for M different interfaces, where N and M are anyinteger greater than zero (and some of the interfaces may get more thanone copy).

At stage 410, the copies may be modified by performing “NAT-liketranslation” on them. At stage 412, the copies may be modified byperforming “proxy translation” on them. At stage 414, some or all of theduplicated copies of the packets may be optionally delayed (includingspreading them over certain time interval), and each copy may then besent to one of interfaces 204.

Upon a determination at stage 404 that the incoming packet belongs to“other traffic”, at stage 416 it may be determined whether to drop thepacket, to modify it to include ECN notification, or to leave the packetwithout modifications. For example, outgoing traffic controller 270 maymake such a determination based on results of “potential issuesdetection” techniques. As a result, the packet may be dropped, ECNmodification may be added, or the packet may be kept intact. If thepacket is not dropped, at stage 418 the packet may be sent to one ofinterfaces 204.

FIG. 4B is a flow diagram illustrating the operation of alatency-oriented router according to another embodiment of the presentdisclosure. For ease of explanation, method 420 will be described withrespect to latency-oriented router 120 of FIG. 2A, as described aboveand for a situation in which a packet is received on interface(s) 204.However, method 420 is not intended to be limited thereto.

At stage 422, a packet may be received from server 180 at one of theinterfaces 204. At stage 424, incoming detector 230 may determinewhether the packet belongs to “latency-critical traffic” or to “othertraffic”. If the packet belongs to latency-critical traffic, the methodmay proceed to stage 426; if it belongs to “other traffic”, the methodmay proceed to stage 434.

At stage 426, the packet may be deduplicated (e.g., dropping extracopies as applicable). This deduplication may be performed by thededuplicator 260 using the packet_ID in a manner similar as describedabove. At stage 427, “X-Defragmentation” may be performed on the packet.At stage 428, the packet may be modified by performing “reverse NAT-liketranslation”. At stage 430, the packet may be modified by performing“reverse proxy translation”. At stage 432, the packet may be sent to oneof interfaces 202.

Upon a determination at stage 424 that the incoming packet belongs to“other traffic”, at stage 434 it may be determined whether to drop thepacket, to modify it to include ECN notification, or to leave the packetwithout modifications. For example, incoming traffic controller 271 maymake such a determination based on results of “potential issuesdetection” techniques. As a result, the packet may be dropped or ECNmodification may be added, or the packet may be kept intact. If thepacket is not dropped, at stage 436, the packet may be sent to one ofinterfaces 202.

FIG. 4C is a flow diagram illustrating the operation of alatency-oriented proxy according to an embodiment of the presentdisclosure. For ease of explanation, method 440 will be described withrespect to latency-oriented proxy 121 of FIG. 2B, as described above andfor a situation in which a packet is received on interface(s) 204.However, method 440 is not intended to be limited thereto.

At stage 442, a packet may be received at one of the interfaces 204. Atstage 444, the packet may be authenticated. The authentication maybeperformed by authenticator 282. At stage 446, the packet may bededuplicated (e.g., dropping extra copies as applicable). Thisdeduplication may be performed by the deduplicator 262 using thepacket_ID in a manner similar as described above. At stage 448,“X-Defragmentation” may be performed on the packet. At stage 450, thepacket may be modified by performing “NAT-like translation”. At stage452, the packet may be modified by performing “proxy translation 2”. Atstage 454, the packet may be sent to one of interfaces 202.

FIG. 4D is a flow diagram illustrating the operation of alatency-oriented proxy according to another embodiment of the presentdisclosure. For ease of explanation, method 460 will be described withrespect to latency-oriented proxy 121 of FIG. 2B, as described above andfor a situation in which a packet is received on interface(s) 202.However, method 460 is not intended to be limited thereto.

At stage 462, a packet may be received at one of the interfaces 202. Atstage 464, “X-Fragmentation” may be performed on the packet. At stage466, the packet may be duplicated to generate one or more copies. Thisduplication may be performed by the duplicator 252 intended for one ormore interfaces 204. In some embodiments, there may be N copies intendedfor M different interfaces and some of the interfaces may get more thanone copy. At stage 468, the one or more copies of the packet may bemodified by performing “reverse NAT-like translation”. At stage 470, oneor more copies of the packet may be modified by performing “reverseproxy translation”. At stage 472, some or all of the duplicated copiesmay be optionally delayed (e.g., spreading them over certain timeinterval), and each copy may be then sent to one of interface(s) 204.

FIG. 4E is a flow diagram illustrating the operation of an intermediateproxy, according to an embodiment of the present disclosure. For ease ofexplanation, method 600 will be described with respect to intermediateproxy 122 of FIG. 2C, as described above and for a situation in which apacket is received on interface(s) 202. However, method 600 is notintended to be limited thereto.

At stage 601, one or more copies of a packet may be received at one ofinterface(s) 202. At stage 602, the one or more copies of the packet maybe authenticated, for example, by authenticator 282. At stage 603, theone or more copies of the packet may be deduplicated (e.g., droppingextra copies as applicable). This deduplication may be performed by thededuplicator 262 using the packet_ID in a manner similar to thatdescribed above. At stage 604, “X-Defragmentation” may be performed onthe deduplicated packet. For example, “X-Defragmentation” may beperformed by deduplicator 262. At stage 605, “X-Fragmentation” may beperformed on the packet, for example, by duplicator 250. At stage 606,the packet may be duplicated to generate one or more copies. Thisduplication may be performed by duplicator 250 with copy(ies) intendedfor one or more interfaces 204. In some embodiments, there may be Ncopies intended for M different interfaces and some of the interfacesmay get more than one copy. At stage 607, the one or more copies of thepacket may be modified by performing “NAT-like translation”. At stage608, the one or more copies of the packet may be modified by performing“proxy translation 2”. At stage 609, some or all of the duplicatedcopies may be optionally delayed (e.g., spreading them over certain timeinterval), and each copy may be then sent to one of interface(s) 204.

FIG. 4F is a flow diagram illustrating the operation of an intermediateproxy, according to another embodiment of the present disclosure. Forease of explanation, method 610 will be described with respect tointermediate proxy 122 of FIG. 2C, as described above and for asituation in which a packet is received on interface(s) 204. However,method 610 is not intended to be limited thereto.

At stage 611, one or more copies of a packet may be received at one ofthe interface(s) 204. At stage 612, the one or more copies of the packetmay be deduplicated (e.g., dropping extra copies as applicable). Thisdeduplication may be performed by the deduplicator 260 using thepacket_ID in a manner similar to that described above. At stage 613,“X-Defragmentation”may be performed on the packet. For example,“X-Defragmentation” may be performed by deduplicator 260. At stage 614,“X-Fragmentation” may be performed on the packet. At stage 615, thepacket may be duplicated to generate one or more copies. Thisduplication may be performed by the duplicator 252 with copy(ies)intended for one or more interface(s) 202. In some embodiments, theremay be N copies intended for M different interfaces and some of theinterfaces may get more than one copy. At stage 616, the one or morecopies of the packet may be modified by performing “reverse NAT-liketranslation”. At stage 617, the one or more copies of the packet may bemodified by performing “reverse proxy translation”. At stage 618, someor all of the duplicated packets may be optionally delayed (e.g.,spreading them over certain time interval), and each copy may be thensent to one of interface(s) 202.

FIG. 4G is a flow diagram illustrating the operation of a proxy router,according to an embodiment of the present disclosure. For ease ofexplanation, method 620 will be described with respect to proxy router123 of FIG. 2D, as described above and for a situation in which a packetis received on interface(s) 202. However, method 620 is not intended tobe limited thereto.

At stage 621, one or more packets may be received at one of theinterface(s) 202. At stage 622, the proxy router may determine (forexample, using the outgoing detector 220) whether the one or morepackets were sent from a latency-oriented router 120. If at stage 622 itis determined that the one or more packets were sent from alatency-oriented router, at stage 623, the one or more packets may bededuplicated (e.g., dropping extra copies as applicable). At stage 624,“X-Defragmentation” may be performed on the packet. The process may thenproceed to stage 404 of FIG. 4A to determine the type of the packet. Thepacket may then continue to be processed by the proxy router 123according to stages 406-418 of FIG. 4A.

Upon a determination at stage 622 that the one or more packets receivedat interface(s) 202 were not sent from a latency-oriented router, theprocess may then proceed to stage 404 of FIG. 4A to determine the typeof the packet. The packet may then continue to be processed by the proxyrouter 123 according to stages 406-418 of FIG. 4A.

FIG. 4H is a flow diagram illustrating the operation of a proxy router,according to another embodiment of the present disclosure. For ease ofexplanation, method 630 will be described with respect to proxy router123 of FIG. 2D, as described above and for a situation in which a packetis received on interface(s) 204. However, method 620 is not intended tobe limited thereto.

Method 630 continues from stage 430 of the method of FIG. 4B. In otherwords, when a packet is received at interface(s) 204 of the proxy router123, it is determined whether the packet belongs to latency-criticaltraffic (see stage 424 of FIG. 4B). If the packet belongs tolatency-critical traffic, then the proxy router 123 performs stages 426through 430 as set out in and described with respect to FIG. 4B. Afterthe proxy router 123 performs stage 430 as set out in FIG. 4B, it thenmay proceed to stage 631 in FIG. 4H to determine whether the packetshould be sent to a latency-oriented router. This may be implemented,for example, by checking whether the session to which the packet belongsis a session coming from a latency-oriented router. If at stage 631 itis determined that the packet should be sent to a latency-orientedrouter, at stage 632 “X-Fragmentation” may be performed on the packet.At stage 633, the packet may be duplicated to generate one or morecopies. In some embodiments, there may be N copies intended for Mdifferent interfaces and some of the interfaces may get more than onecopy. At stage 634, some or all of the duplicated copies may beoptionally delayed (e.g., spreading them over certain timer interval),and each copy may be then sent to one of the interface(s) 202.

Upon a determination at stage 631 that the packet should not be sent toa latency-oriented router, at stage 634 the packet may be sent to one ofthe interface(s) 202.

FIG. 4I is a flow diagram illustrating the operation of a simple proxy,according to an embodiment of the present disclosure. For ease ofexplanation, method 640 will be described with respect to simple proxy124 of FIG. 2E, as described above and for a situation in which a packetis received on interface(s) 202. However, method 640 is not intended tobe limited thereto.

At stage 641, a packet may be received at one of the interface(s) 202.At stage 642, the packet may be modified by performing “proxytranslation 2”. At stage 643, the packet may be modified by performing“proxy translation”. At stage 634, the packet may be sent to one ofinterface(s) 204.

FIG. 4J is a flow diagram illustrating the operation of a simple proxy,according to another embodiment of the present disclosure. For ease ofexplanation, method 650 will be described with respect to simple proxy124 of FIG. 2E, as described above and for a situation in which a packetis received on interface(s) 204. However, method 650 is not intended tobe limited thereto.

At stage 651, a packet may be received at one of interface(s) 204. Atstage 652, the packet may be modified by performing “reverse proxytranslation”. For example, reverse proxy translator 289 may perform“reverse proxy translation”. At stage 653, the packet may be sent to oneof interface(s) 202.

In some embodiments, packets such as, without limitation, IP, TCP and/orUDP packets may be transferred using “latency-optimized UDP-over-TCP” asdescribed below. This technique may be particularly useful in the eventusing a UDP connection presents latency advantages, but a UDP connectionbetween the relevant communicating points is not available (for example,because of firewalls blocking a UDP connection). It is to be understoodthat, within the context of present disclosure, “latency-optimizedUDP-over-TCP” may be used whenever sending packets, including, but notlimited to, IP, TCP and/or UDP packets is mentioned, especially forpackets sent between latency-oriented router 120 and any of the proxiessuch as, without limitation, a simple proxy, intermediate proxy orlatency-oriented proxy.

In some embodiments, “latency-optimized UDP-over-TCP” may be implementedas follows. On the sending side, each “forwarded packet” which isprovided by an upper OSI layer (such as, without limitation, anapplication layer) for sending may be sent within a TCP packet, whichmay involve “wrapping” of the whole “forwarded packet” or some partsthereof, such as payload. Such TCP packets may be formed according toRFC793 (the entirety of which is incorporated herein by reference) andmay include options according to any other RFCs on TCP, including, butnot limited to, RFC2018 and/or RFC7323, the entirety of both of which isincorporated herein by reference. Such formation of TCP packets mayinclude formatting all the fields of the corresponding TCP headeraccording to RFC793. In some embodiments, the logic of TCP stack asdescribed in RFC793 and/or established TCP practices may be modified inone or more of the following ways. First, each of the “forwardedpackets” may cause the sender to send a TCP packet (this may include notusing Nagle's algorithm). Second, the sender may avoid combining“forwarded packets” with other portions of the TCP stream, keeping aone-to-one correspondence between the “forwarded packets” and TCPpackets. Third, retransmit packet policies may vary from established TCPpractices. In some embodiments, retransmits may be delayed or skippedcompletely. Fourth, a “TCP Window” field may be compliant with RFC793but may advertise a TCP window that is sufficient to transfer the nextpacket at all times or almost at all times. This may be achieved, forexample, by setting “TCP receive window” on the receiving side, asdescribed in more detail below.

On the receiving side, each TCP packet may be received separately. Acorresponding “forwarded packet”, such as an IP packet and/or UDPpacket, may be extracted from each received TCP packet (for example, via“unwrapping”) and forwarded to the upper OSI layer (such as anapplication layer) upon receipt of such TCP packet, regardless of anymissing segments. This process may differ from conventional TCPimplementations, which do not forward data to the upper OSI layer untilall missing segments up to the current point in the TCP stream arereceived so that the stream goes uninterrupted.

The process described above may provide a valid TCP stream whereinpacket-inspecting firewalls may let such TCP stream through. The TCPstream may have UDP-based packet exchanges, which may provide betterlatencies. However, the process described above may face problems if anen route firewall reassembles the TCP stream and then re-issues validTCP packets (which may be of different sizes) from such reassembledstream. Although this practice is valid for the TCP stream, thispractice may break the one-to-one correspondence of “forwarded packets”to TCP packets, which may in turn break the operation of“latency-optimized UDP-over-TCP”. The following processes may help toaddress this issue.

In some embodiments, a “sender” of “latency-optimized UDP-over-TCP” maymark boundaries of the “forwarded packets”. This may be done in one ormore of the following ways. Boundaries may be marked by choosing a fixedvalue for a “boundary byte”, by “escaping” such “boundary byte” within“forwarded packets” and adding such “boundary byte” to the packetboundaries by, for example, prepending each “forwarded packet” with such“boundary byte”. This ensures that each “boundary byte” within a TCPstream may represent an inter-packet boundary. Boundaries may also bemarked by encoding “forwarded packet” using encoding that uses less than256 values (such as, without limitation, base64 encoding, base255encoding, uuencoding, yEnc encoding or URL encoding) and using one ofthe unused values as a “boundary byte”. As an illustrative example, ifbase64 is used, then there may be 256−64=192 values to choose as a“boundary byte”. Each such “boundary byte” within the TCP stream mayrepresent an inter-packet boundary. Additionally, boundaries may bemarked by using an “escaped bitstream”, as described in more detailbelow. Boundaries may also be marked by adding a size and/or checksumfields (wherein such checksum may be of any kind, including, but notlimited to, any kind of Fletcher checksum, any kind of CRC checksum orany kind of crypto checksum such as SHA-256, SHA-3 or BLAKE) to each ofthe “forwarded packets” in the TCP stream. The receiver on the receivingside may attempt to assume that a “forwarded packet” starts at a certainpoint and then check whether the size and/or checksum match. If there isa match, the receiver's assumption stands, and the “forwarded packet”may be extracted from the stream. In some embodiments, the receiver mayattempt to assume that a “forwarded packet” starts at each of the bytesof received stream. In some embodiments, a “boundary byte” may be addedto the stream, and only these “boundary bytes” may be used for makingthe assumption about the forwarded packet starting point. In such case,“boundary bytes” may be used without escaping/encoding the body of the“forwarded packet”.

In some embodiments, “escaping” may be implemented by selecting three1-byte constants: “escape byte”, “v0” and “v1” and/or by replacing the“escape byte” within the body with 2 bytes, i.e., “escape byte” “v0”,and replacing the “boundary byte” with 2 bytes, i.e., “escape byte”“v1”. In the worst case, such implementation may lead to 100 percentoverhead of “escaping”. In other embodiments, “escaping” may involveselecting a value for “escape byte” and using the next byte after“escape byte” to store any number, n (for example, n=5), of ternarydigits. It should be noted that n may be equal to any integer. Each ofthe digits may have three possible values which symbolize where the nextbyte in the output should come from. The first value may indicate thatthe next byte is a “boundary byte”; the second value may indicate thatthe next byte is an “escape byte”; and the third value may indicate thatthe next byte is to be taken from the bytes coming after the “escapebyte”. In this manner, “escape byte”+following byte may be used toencode up to five bytes. This process may limit the worst-case overheadof “escaping” to 20 percent.

In some embodiments, an “escaped bitstream” may be implemented asfollows. A bit-oriented encoding which takes symbols and emits sequencesof bits may be used. Examples of such bit-oriented encodings include,without limitation, Huffman coding and Huffman-like coding as describedin Sergey Ignatchenko, “An Algorithm for Online Data Compression”, C/C++Users Journal, Volume 16, Number 10 (October 1998). Next, to input thevocabulary of the symbols for the bit-oriented encoding, one or morespecial symbol(s) may be inserted in case the output bitstream containsa “boundary byte”, and rather than carrying information about theencoded output, it may be used to ensure that the “boundary byte” doesnot appear in the bitstream.

Examples of such special symbols may include, without limitation, ano-op symbol and/or a symbol indicating that a certain portion of thebitstream or bytestream following such special symbol is inverted. Insome embodiments, the no-op symbol may have an encoding length which isodd. Such no-op symbol may be used to “shift” the subsequent bitstreamand avoid the “boundary byte” present in the output. In someembodiments, the symbol indicating an inversion of a portion of thebitstream or bytestream may indicate that bits in the next symbol areinverted. In other embodiments, such symbol may indicate that the nextbyte in the bytestream is inverted. In some embodiments, such specialsymbol(s) may be inserted into the bitstream when inserting the next“normal” symbol in the bitstream would cause the output bytestream tocontain a “boundary byte”. An “escaped bitstream” may allow forcombining compression (such as, without limitation, Huffman orHuffman-like compression) with provision of guarantees that the encoded“forwarded packets” will not contain “boundary bytes”.

In some embodiments, to implement an “escaped bitstream”, eight specialno-op symbols may be introduced into the input vocabulary of Huffman orHuffman-like encoding. All such special symbols may have the sameodd-number encoded bitsize, wherein bitsize ≤15, and three bits in theencoding (the first, last and middle bits) have all possiblecombinations (i.e., (0,0,0), (0,0,1), (0,1,0), (0,1,1), (1,0,0),(1,0,1), (1,1,0) and (1,1,1)). The encoding parameters and/or tables maybe chosen in a way such that all other symbols in the input vocabularymay be encoded with no more than 14 bits. Prior to adding each symbolinto the bitstream, the bitstream may be checked for whether adding asymbol would create a “boundary byte”. If so, one of the eight no-opsymbols may be selected to avoid creating “boundary bytes” and may beadded to the output stream. This procedure for adding a symbol may berepeated. It should be noted that in some cases, the procedure describedabove may result in the addition of more than one special no-op symbol.

In some embodiments, upon receiving each TCP packet, the receiver of“latency-optimized UDP-over-TCP” may do one or more of the following.The receiver may check whether the TCP packet corresponds to a“forwarded packet”. If so, the “forwarded packet” may be extracted andforwarded to an upper protocol layer for further processing. If not, aportion of the TCP stream may be reassembled by combining the TCPpayload with the TCP payload from the previously received TCP packets.Then an attempt can be made to find one or more of the “forwardedpackets” within this portion of TCP stream. It should be noted that,unlike in traditional TCP, UDP-over-TCP portions of a TCP stream mayhave “gaps” between them, and these “gaps” should not prevent furtheranalysis as described below. The receiver of “latency-optimizedUDP-over-TCP” may also extract a “forwarded packet”, if there is one,from any of the reassembled portions of the TCP stream. Once the“forwarded packet” is extracted, the receiver may forward it to theupper protocol layer. The detection of “forwarded packets” inreassembled portions of TCP streams may be implemented based on markedboundaries of “forwarded packets”, such as, without limitation, on“boundary bytes” and/or checksums. In some embodiments, each “boundarybyte” may indicate the start of the “forwarded packet”. In otherembodiments, more complicated detection methods (including, but notlimited to, checksums as described in more detail above) may be used.

The embodiment described above may operate properly in the presence offirewalls that may reassemble and then re-issue TCP stream, whilesimultaneously providing improved latency in the case of packets lostbetween a firewall and the receiver.

In some embodiments, “latency-optimized UDP-over-TCP” may be implementedas a custom TCP stack that operates according to the description above.Such implementation of “latency-optimized UDP-over-TCP” may apply to thesender, receiver or both. In some embodiments, the sender may beimplemented as a unit preparing a TCP stream with “boundary bytes”and/or checksums, as described in more detail above, on top of atraditional TCP stack by, for example, disabling a Nagle algorithm forthe traditional TCP stack. In one non-limiting example, this may beimplemented using a TCP_NODELAY socket option on a Berkeley socket. Insome embodiments, the receiver may be implemented using a traditionalTCP stack as follows. A library (such as, without limitation, libpcap orlibnetfilter) which allows “sniffing” of the incoming packets, or anetwork filter driver (including, but not limited to, all techniquesassociated with Windows Filtering Platform, NDIS drivers and/or Linuxnetwork filter drivers) may be used to copy relevant TCP packets as theyare received. The original packet may proceed to the traditional TCPstack, where such packet may be processed (for example, by a traditionalBerkeley socket), and all the contents from such socket may be ignored.Such processing by a traditional TCP stack may ensure that allretransmits are handled by the TCP stack. A copy of the original packetmay be processed by, without limitation, reassembling portions of theTCP stream and/or finding, extracting and/or forwarding the “forwardedpackets” from TCP packets and/or reassembled portions of the TCP stream,all of which are described in more detail above. In some embodiments,instead of making a copy of the TCP packet, the TCP packet may beprocessed as it passes the filter/sniffing library and/or driver. Insome embodiments, a TCP receive buffer on the receiving side may be setto a relatively high value (for example, over 10 Kbytes). In someembodiments, a TCP receive buffer may be calculated as a product of anormal data stream for the application over a period of severalround-trip times (for example, five to ten round-trip times). In someembodiments, instead of calculating round-trip times, an upper-boundestimate (such as one second) may be used as a period for conducting thecalculations described above. The size of the TCP receive buffer may beset by using, without limitation, a SO_RCVBUF TCP socket option or anysimilar socket option. This may facilitate sufficient values for the TCPwindow to be advertised to the sending side, which may be done by theTCP stack itself, based on the size of the TCP receive buffer.

In some embodiments, “latency-oriented UDP-over-TCP” may also include(a) trying to send packets over UDP, (b) detecting that replies are notreceived for a significant time (such as 1 to 30 seconds), and (c)switching to “latency-oriented UDP-over-TCP” as described above. Suchprocess may allow for automatic detection of UDP-unfriendly firewallswithout user intervention. In some embodiments, such automatic detectionmay be made on a per-interface basis.

In some embodiments, “latency-oriented UDP-over-TCP” may include forminga TCP stream, which, from the point of view of a third-party observer,may be indistinguishable from a valid Secure Sockets Layer (SSL) and/orTLS stream (for example, as described in RFC5246, the entirety of whichis incorporated herein by reference). Such formation of a TCP screen mayinclude one or more of the following: establishing a valid SSL and/orTLS stream or a “handshake”; and/or wrapping all the “forwarded packets”within “TLS records” (as described in RFC5246) as, for example,application_dataTLS records. Since application_data is generallyencrypted after a handshake, there may be no way for an intermediary todetect the contents within application_data records. In someembodiments, contents within TLS records may be not compliant with TLSspecifications, but instead may simply contain the “forwarded packets”and/or boundary bytes. In some embodiments, one “forwarded packet” perTLS record may be used; in other embodiments, multiple “forwardedpackets” per TLS record may be used. In some embodiments, some or all“forwarded packets” may span different TLS records. In some embodiments,“boundary bytes” described above may reside within TLS records. Some ofthe data within TLS records (for example, “forwarded packets” but not“boundary bytes”) may be encrypted and/or scrambled to make them looklike white noise to the potential third-party observers. All thesemeasures may allow for communication that is indistinguishable from avalid SSL and/or TLS stream to a third-party observer and may facilitatecommunication in environments where third-party firewalls inspect thevalidity of SSL and/or TLS streams.

In some embodiments, “latency-oriented UDP-over-TCP” may include forminga TCP stream which, from the point of view of third-party observer, is avalid Websocket stream (as described in RFC6455, the entirety of whichis incorporated herein by reference). This may include one or more ofthe following: establishing a valid Websocket “handshake” (which mayinvolve an HTTP/HTTPS request); and/or wrapping all the “forwardedpackets” within “Websocket frames” (as described in RFC6455). In someembodiments, one “forwarded packet” per “Websocket frame” may be used;in other embodiments, multiple “forwarded packets” per “Websocket frame”may be used. In some embodiments, some or all “forwarded packets” mayspan different “Websocket frames”. In some embodiments, “boundary bytes”described above may reside within “Web socket frames”. All thesemeasures may allow for communication that is indistinguishable from avalid Websocket stream to a third-party observer and may facilitatecommunication in environments where third-party firewalls inspect thevalidity of HTTP and/or Websocket streams.

It should be understood that whenever sending a packet (such as a UDPpacket and/or IP packet) is referred to throughout this disclosure, thepayload of such packets may be encoded using any forward errorcorrection mechanism, including, but not limited to, Hamming codes,Reed-Solomon codes and convolutional codes, and any forward errorcorrection mechanism currently known or developed in the future.

It is to be understood that “adding fields” (for example, to a packet)or “wrapping” as discussed within the present disclosure may beaccomplished in a variety of ways including, but not limited to: (a)wrapping, (b) adding field(s) to the beginning of the packet, and/or (c)adding field(s) to the end of the packet. The field that may be addedthe beginning or end of a packet may have a fixed or variable size. Ifthe field added is of a variable size, then the size of the field may bederived from the data within the field (for example, as in VLQ coding).If VLQ or other variable-size field(s) is added to the end of a packet,the field(s) may be written in a reverse byte order to facilitatedetermination of size starting from the end of the packet.

It should be understood that, throughout this disclosure,stream-oriented connections and/or protocols, including, but not limitedto, QUIC, UDP Torrent tracker and Stream Control Transmission Protocolmay be used in a similar manner as a TCP connection and/or protocol.Additionally, all the protocols running on top of the aforementionedstream-oriented connections and/or protocols, including, but not limitedto, HTTP, HTTPS and SPDY, may use features described within the contextof the present disclosure by being implemented on top of the applicablestream-oriented connections and/or protocol.

It would be apparent to one skilled in the relevant arts that thepresent disclosure, as described above, can be implemented in manydifferent embodiments of software, hardware, firmware, and/or theentities illustrated in the figures. Any actual software code with thespecialized control of hardware to implement the present disclosure isnot limiting of the present disclosure. Thus, the operational behaviorof the present disclosure has been described with the understanding thatmodifications and variations of the embodiments are possible, and withinthe scope and spirit of the present disclosure. Various aspects of thepresent disclosure can be implemented by software, firmware, hardware,or a combination thereof. In an example of a variation, elements orprocesses of latency-oriented router 120, latency-oriented proxy 121,intermediate proxy 122, proxy router 123, and/or simple proxy 124 inFIGS. 2A-2E may be further configured to run in parallel. Such parallelexecution of these processes may increase the efficiency and speed oflatency-oriented router 120.

In addition to other embodiments discussed herein, the presentdisclosure provides for the following clauses which are directed tonon-limiting embodiments of the present disclosure:

Clause 1: A method of managing packets, the method comprising:receiving, by a routing device comprising a plurality of interfaces, aplurality of packets having a plurality of fields, wherein the routingdevice is communicatively coupled to a plurality of devices via theplurality of interfaces; identifying, by the routing device, at leastone latency-critical packet and at least one non-critical packet in theplurality of packets based on one or more packet characteristics;generating, by the routing device, at least a first copy-packet of theat least one latency-critical packet, wherein the routing device doesnot generate copies of the at least one non-critical packet;transmitting, by the routing device, the at least one latency-criticalpacket to a first target device via a first interface and the at leastfirst copy-packet to the first target device via a second interface; andtransmitting, by the routing device, the at least one non-criticalpacket to at least one device of the plurality of the devices.

Clause 2: The method of clause 1, further comprising: identifying, bythe routing device, a target address field in the plurality of fields ofthe at least one latency-critical packet; and changing, by the routingdevice, a content of the target address field to reflect an address ofthe first target device.

Clause 3: The method of clause 2, wherein changing the content of thetarget address field is performed before generating the at least firstcopy-packet.

Clause 4: The method of any of the preceding clauses, wherein the firsttarget device is a latency-oriented proxy.

Clause 5: The embodiment of any of the preceding clauses, furthercomprising: identifying, by the routing device, a first source addressfield in the plurality of fields of the at least one latency-criticalpacket; identifying, by the routing device, a second source addressfield in the plurality of fields of the at least first copy-packet;changing, by the routing device, a content of the first source addressfield to reflect an address of the first interface; and changing, by therouting device, a content of the second source address field to reflectan address of the second interface.

Clause 6: The method of any of the preceding clauses, wherein the firstinterface and the second interface are physical interfaces.

Clause 7: The method of any of clauses 1 to 5, wherein the firstinterface and the second interface are virtual interfaces, and whereinthe virtual interfaces are configured to transmit and receive packetsvia a physical interface of the routing device, and wherein the virtualinterfaces are configured to have a different address than the physicalinterface.

Clause 8: The method of any of clauses 1 to 5 or 7, wherein the routingdevice transmits two different copy-packets via the physical interfaceusing a plurality of virtual interfaces configured to transmit packetsvia the physical interface.

Clause 9: The method of any of the preceding clauses, wherein a packetin the plurality of packets is an IPv4 packet or an IPv6 packet.

Clause 10: The method of any of the preceding clauses, furthercomprising storing, by the routing device, the at least onelatency-critical packet and the at least first copy-packet into aprioritized queue.

Clause 11: The method of an of the preceding clauses, further comprisingstoring, by the routing device, the at least one non-critical packetinto a non-prioritized queue.

Clause 12: The method of any of the preceding clauses, wherein therouting device prioritizes transmission of the at least onelatency-critical packet and the at least first copy-packet overtransmission of the at least one non-critical packet.

Clause 13: The method of any of the preceding clauses, wherein therouting device transmits more copies of the at least onelatency-critical packet than the at least one non-critical packet.

Clause 14: The method of any of the preceding clauses, wherein the oneor more packet characteristics is selected from the group comprising: aport number, an IP address, a protocol, a domain name, and a value of adifferential services field.

Clause 15: The method of any of the preceding clauses, whereinidentifying, by the routing device, the at least one latency-criticalpacket in the plurality of packets comprises determining that a DSCPvalue within a differential services field of the plurality of fields ofthe plurality of packets matches a predefined value.

Clause 16: The method of any of the preceding clauses, wherein theplurality of fields of the at least one latency-critical packetcomprises a differential services field including a DSCP value, themethod further comprising modifying, by the routing device, the DSCPvalue to a predefined value.

Clause 17: The method of clause 16, wherein modifying the DSCP value isperformed before generating the at least first copy-packet.

Clause 18: The method of clause 16, wherein modifying the DSCP value ofthe differential services field of the at least one latency-criticalpacket is limited by a rate at which the router receives the at leastone latency-critical packets.

Clause 19: The method of clause 18, wherein the limit is determinedbased on statistics on a number of the at least one latency-criticalpackets having a same DSCP value.

Clause 20: The method of any of the preceding clauses, wherein the atleast one latency-critical packet comprises a target IP address fieldincluding a target IP address associated with the first target device,and wherein identifying the at least one latency-critical packet furthercomprises determining that the target IP address in the target IPaddress field is one of IP addresses associated with an autonomoussystem according to an autonomous system table.

Clause 21: The method of any of the preceding clauses, wherein at leastone autonomous system listed in the autonomous system table indicates anapp type associated with the at least one autonomous system, and whereinidentifying the at least one latency-critical packet further comprisesdetermining the app type associated with the at least onelatency-critical packet according to the autonomous system table.

Clause 22: The method of any of the preceding clauses, wherein the atleast one latency-critical packet comprises a target port fieldassociated with a networking protocol, and wherein the routing deviceidentifies the at least one latency-critical packet based upon thetarget port field.

Clause 23: The method of any of the preceding clauses, wherein therouting device stores each of the at least one latency-critical packetand each of the at least one non-critical packet in a queue, and whereinthe routing device selects a next packet to transmit from the queuebased upon an active queue management algorithm.

Clause 24: The method clause 23, wherein the active queue managementalgorithm is selected from the group comprising: random early detection,controlled delay, class-based queue scheduling, hierarchical tokenbucket, and hierarchical fair service curve.

Clause 25: A routing device comprising: a plurality of interfacesconfigured to receive and transmit a plurality of packets having aplurality of fields, wherein the routing device is communicativelycoupled to a plurality of devices via the plurality of interfaces; and aprocessor configured to: identify at least one latency-critical packetand at least one non-critical packet in the plurality of packets basedon one or more packet characteristics; generate at least a firstcopy-packet of the at least one latency-critical packet, wherein therouting device does not generate copies of the at least one non-criticalpacket; transmit the at least one latency-critical packet to a firsttarget device via a first interface and the at least one copy-packet tothe first target device via a second interface; and transmit the atleast one non-critical packet to at least one device of the plurality ofdevices.

Clause 26: The routing device of clause 25, wherein the processor isfurther configured to: identify a target address field in the pluralityof fields of the at least one latency-critical packet; and change thecontent of the target address field to reflect an address of the firsttarget device.

Clause 27: The routing device of clause 26, wherein the processor isfurther configured to change the content of the target address fieldbefore the processor generates the at least first copy-packet.

Clause 28: The routing device of any of clauses 25 to 27, wherein thefirst target device is a latency-oriented proxy.

Clause 29: The routing device of any of clauses 25 to 28, wherein theprocessor is further configured to: identify a first source addressfield in the plurality of fields of the at least one latency-criticalpacket; identify a second source address field in the plurality offields of the at least first copy-packet; change the content of thefirst source address field to reflect an address of the first interface;and change the content of the second target address field to reflect anaddress of the second interface.

Clause 30: The routing device of any of clauses 25 to 29, wherein thefirst interface and the second interface are physical interfaces.

Clause 31: The routing device of any of clauses 25 to 29, wherein thefirst interface and the second interface are virtual interfaces, andwherein the virtual interfaces are configured to transmit and receivepackets via a physical interface of the routing device, and wherein thevirtual interfaces are configured to have a different address than thephysical interface.

Clause 32: The routing device of any of clauses 25 to 39 or 31, whereinthe processor transmits two different copy-packets via the physicalinterface using a plurality of virtual interfaces configured to transmitpackets via the physical interface.

Clause 33: The routing device of any of clauses 25 to 32, wherein apacket in the plurality of packets is an IPv4 packet or an IPv6 packet.

Clause 34: The routing device of any of clauses 25 to 33, wherein theprocessor is further configured to store the at least onelatency-critical packet and the at least first copy-packet in aprioritized queue.

Clause 35: The routing device of any of clauses 25 to 34, wherein theprocessor is further configured to store the at least one non-criticalpacket into a non-prioritized queue.

Clause 36: The routing device of any of clauses 25 to 35, wherein theprocessor is further configured to prioritize transmission of the atleast one latency-critical and the at least first copy-packet overtransmission of the at least one non-critical packet.

Clause 37: The routing device of any of clauses 25 to 36, wherein theprocessor is further configured to transmit more copies of the at leastone latency-critical packet than the at least one non-critical packet.

Clause 38: The routing device of any of clauses 25 to 37, wherein theone or more packet characteristics is selected from the groupcomprising: a port number, an IP address, a protocol, a domain name, anda value of a differential services field.

Clause 39: The routing device of any of clauses 25 to 38, wherein toidentify the at least one latency-critical packet in the plurality ofpackets the routing device is further configured to determine that aDSCP value within a differential services field of the plurality offields of the plurality of packets matches a predefined value.

Clause 40: The routing device of any of clauses 25 to 39, wherein theplurality of fields of the at least one latency-critical packetcomprises a differential services field including a DSCP value, andwherein the processor is further configured to modify the DSCP value toa predefined value.

Clause 41: The routing device of clause 40, wherein the processormodifies the DSCP value before the processor generates the at leastfirst copy-packet.

Clause 42: The routing device of clause 40, wherein modifying the DSCPvalue of the differential services field of the at least onelatency-critical packet is limited by a rate at which the routerreceives the at least one latency-critical packets.

Clause 43: The routing device of clause 42, wherein the limit isdetermined based on statistics on a number of the at least onelatency-critical packets having a same DSCP value.

Clause 44: The routing device of any of clauses 25 to 43, wherein the atleast one latency-critical packet comprises a target IP address fieldincluding a target IP address associated with the first target device,and wherein to identify the at least one latency-critical packet theprocessor is further configured to determine that the target IP addressin the target IP address field is one of IP addresses associated with anautonomous system according to an autonomous system table.

Clause 45: The routing device of any of clauses 25 to 44, wherein atleast one autonomous system listed in the autonomous system tableindicates an app type associated with the at least one autonomoussystem, and wherein to identify the at least one latency-critical packetthe processor is further configured to determine the app type associatedwith the at least one latency-critical packet according to theautonomous system table.

Clause 46: The routing device of any of clauses 25 to 45, wherein the atleast one latency-critical packet comprises a target port fieldassociated with a networking protocol, and wherein the processoridentifies the at least one latency-critical packet based upon thetarget port field.

Clause 47: The routing device of any of clauses 25 to 46, wherein theprocessor stores each of the at least one latency-critical packet andeach of the at least one non-critical packet in a queue, and wherein theprocessor selects a next packet to transmit from the queue based upon anactive queue management algorithm.

Clause 48: The routing device of clause 47, wherein the active queuemanagement algorithm is selected from the group comprising: random earlydetection, controlled delay, class-based queue scheduling, hierarchicaltoken bucket, and hierarchical fair service curve.

Clause 49. A method of managing packets, the method comprising:receiving, by a routing device comprising at least a first interface, aplurality of packets having a plurality of fields, wherein the routingdevice is communicatively coupled to a plurality of devices;identifying, by the routing device, at least a first latency-criticalpacket and at least one non-critical packet in the plurality of packetsbased upon one or more packet characteristics; generating, by therouting device, at least a first copy-packet of the latency-criticalpacket, wherein the routing device does not generate copies of the atleast one non-critical packet; transmitting, by the routing device, theat least first latency-critical packet and the at least firstcopy-packet to a first target device via the first interface; andtransmitting, by the routing device, the at least one non-criticalpacket to at least one device of the plurality of the devices.

Clause 50: The method of clause 49, further comprising: identifying, bythe routing device, a target address field in the plurality of fields ofthe at least first latency-critical packet; and changing, by the routingdevice, a content of the target address field to reflect an address ofthe first target device.

Clause 51: The method of clause 50, wherein the step of changing thecontent of the target address field is performed before the step ofgenerating the at least first copy-packet.

Clause 52: The method of any of clauses 49 to 51, wherein the firsttarget device is a latency-oriented proxy.

Clause 53: The method of any of clauses 49 to 52, further comprising:identifying, by the routing device, a first source address field in theplurality of fields of the at least first latency-critical packet;identifying, by the routing device, a second source address field in theplurality of fields of the at least first copy-packet; and changing, bythe routing device, a content of the first source address field and acontent of the second source address field to reflect an address of thefirst interface.

Clause 54: The method of any of clauses 49 to 53, wherein the firstinterface is a physical interface.

Clause 55: The method of any of clauses 49 to 54, wherein the firstinterface is a virtual interface, and wherein the virtual interface isconfigured to transmit and receive packets via a physical interface, andwherein the virtual interface is configured to have a different addressthan the physical interface.

Clause 56: The method of any of clauses 49 to 55, further comprisingdelaying, by the routing device, transmission of the at least firstcopy-packet with respect to the transmission of the at least firstlatency-critical packet according to a time period.

Clause 57: The method of any of clauses 49 to 56, further comprising:identifying, by the routing device, at least one characteristic of theat least first latency-critical packet; and determining, by the routingdevice, the time period for delaying transmission of the at least firstcopy-packet with respect to the transmission of the at least firstlatency-critical packet based upon the at least one characteristic.

Clause 58: The method of any of clauses 49 to 57, wherein the at leastone characteristic of the at least first latency-critical packet isselected from the group comprising an app type and a detected packetrate, and wherein the detected packet rate is a number oflatency-critical packets received over a predetermined amount of time.

Clause 59: The method of any of clauses 49 to 58, further comprising:establishing, by the routing device, a latency-critical session for theat least first latency-critical packet based on at least onecharacteristic of the at least first latency-critical packet; receiving,by the routing device, at least a second latency-critical packet havinga same at least one characteristic as the at least firstlatency-critical packet; prioritizing, by the routing device,transmission of the at least second latency-critical packet overtransmission of a received non-critical packet.

Clause 60: The method of any of clauses 49 to 59, wherein the timeperiod for delaying transmission of the at least first copy-packet withrespect to transmission of the at least first latency-critical packet isbased upon a synchronization technique, and wherein the synchronizationtechnique is a phase-locked loop or a delay-locked loop.

Clause 61: The method of any of clauses 49 to 60, wherein the routingdevice identifies the at least first latency-critical packet based uponat least one characteristic of the at least first latency-criticalpacket, and wherein the at least one characteristic is selected from thegroup comprising: a port number, an IP address, a protocol, a domainname, and a value of a differential services field.

Clause 62: The method of any of clauses 49 to 61, wherein a packet inthe plurality of packets is an IPv4 packet or an IPv6 packet.

Clause 63: The method of any of clauses 49 to 62, wherein identifying,by the routing device, the at least one latency-critical packet in theplurality of packets comprises determining that a DSCP value within adifferential services field of the plurality of fields of the pluralityof packets matches a predefined value.

Clause 64: The method of any of clauses 49 to 63, wherein the pluralityof fields of the at least one latency-critical packet comprises adifferential services field including a DSCP value, the method furthercomprising modifying, by the routing device, the DSCP value to apredefined value.

Clause 65: The method of clause 64, wherein the step of modifying theDSCP value is performed before the step of generating the at least firstcopy-packet.

Clause 66: The method of clause 64, wherein modifying the DSCP value ofthe differential services field of the at least one latency-criticalpacket is limited by a rate at which the router receives the at leastone latency-critical packets.

Clause 67: The method of clause 66, wherein the limit is determinedbased on statistics on a number of the at least one latency-criticalpackets having a same DSCP value.

Clause 68: The method of any of clauses 49 to 67, wherein the at leastone latency-critical packet comprises a target IP address fieldincluding a target address associated with the first target device, andwherein identifying the at least one latency-critical packet furthercomprises determining that the target IP address in the target IPaddress field is one of IP addresses associated with an autonomoussystem according to an autonomous system number (ASN) table.

Clause 69: The method of any of clauses 49 to 68, wherein at least oneautonomous system listed in the ASN table indicates an app typeassociated with the at least one autonomous system, and whereinidentifying the at least one latency-critical packet further comprisesdetermining the app type associated with the at least onelatency-critical packet according to the ASN table.

Clause 70: The method of any of clauses 49 to 69, wherein the at leastone latency-critical packet comprises a target port field associatedwith a networking protocol, and wherein the routing device identifiesthe at least one latency-critical packet based upon the target portfield.

Clause 71: The method of any of clauses 49 to 70, wherein the routingdevice stores each of the at least one latency-critical packet and eachof the at least one non-critical packet in a queue, and wherein therouting device selects a next packet to transmit from the queue basedupon an active queue management algorithm.

Clause 72: The method of clause 71, wherein the active queue managementalgorithm is selected from the group comprising: random early detection,controlled delay, class-based queue scheduling, hierarchical tokenbucket, and hierarchical fair service curve.

Clause 73: A routing device comprising: at least a first interfaceconfigured to receive and transmit a plurality of packets having aplurality of fields, wherein the routing device is communicativelycoupled to a plurality of devices; and a processor configured to:identify at least a first latency-critical packet and at least onenon-critical packet in the plurality of packets based upon one or morepacket characteristics; generate at least a first copy-packet of thelatency-critical packet, wherein the routing device does not generatecopies of the at least one non-critical packet; transmit the at leastfirst latency-critical packet and the at least first copy-packet to afirst target device via the first interface; and transmit the at leastone non-critical packet to at least one device of the plurality ofdevices.

Clause 74: The routing device of clause 73, wherein the processor isfurther configured to: identify a target address field in the pluralityof fields of the at least first latency-critical packet; and change thecontent of the target address field to reflect an address of the firsttarget device.

Clause 75: The routing device of clause 74, wherein the processor isfurther configured to change the content of the target address fieldbefore the processor generates the at least first-copy packet.

Clause 76: The routing device of any of clauses 73 to 75, wherein thefirst target device is a latency-oriented proxy.

Clause 77: The routing device of any of clauses 73 to 76, wherein theprocessor is further configured to: identify a first source addressfield in the plurality of fields of the at least first latency-criticalpacket; identify a second source address field in the plurality offields of the at least first copy-packet; and change the content of thefirst source address field and the second source address field toreflect an address of the first interface.

Clause 78: The routing device of any of clauses 73 to 77, wherein thefirst interface is a physical interface.

Clause 79: The routing device of any of clauses 73 to 78, wherein thefirst interface is a virtual interface, and wherein the virtualinterface is configured to transmit and receive packets via a physicalinterface, and wherein the virtual interface is configured to have adifferent address than the physical interface.

Clause 80: The routing device of any of clauses 73 to 79, wherein theprocessor is further configured to delay transmission of the least firstcopy-packet with respect to the transmission of the at least firstlatency-critical packet according to a time period.

Clause 81: The routing device of any of clauses 73 to 80, wherein theprocessor is further configured to: identify at least one characteristicof the at least first latency-critical packet; and determine the timeperiod for delaying transmission of the at least first copy-packet withrespect to the transmission of the at least first latency-criticalpacket based upon the at least one characteristic.

Clause 82: The routing device of any of clauses 73 to 81, wherein the atleast one characteristic of the at least first latency-critical packetis selected from the group comprising an app type and a detected packetrate, and wherein the detected packet rate is a number oflatency-critical packets received over a predetermined period of time.

Clause 83: The routing device of any of clauses 73 to 82, wherein theprocessor is further configured to: establish a latency-critical sessionfor the at least first latency-critical packet based on at least onecharacteristic of the at least first latency-critical packet; receive atleast a second latency-critical packet having a same at least onecharacteristic as the at least first latency-critical packet; prioritizetransmission of the at least second latency-critical packet overtransmission of a received non-critical packet.

Clause 84: The routing device of any of clauses 73 to 83, wherein thetime period for delaying transmission of the at least first copy-packetwith respect to transmission of the at least first latency-criticalpacket is based upon a synchronization technique, and wherein thesynchronization technique is a phase-locked loop or a delay-locked loop.

Clause 85: The routing device of any of clauses 73 to 84, wherein theprocessor is configured to identify the latency-critical packet basedupon at least one characteristic of the at least first latency-criticalpacket, and wherein the at least one characteristic is selected from thegroup comprising: a port number, an IP address, a protocol, a domainname, and a value of a differential services field.

Clause 86: The routing device of any of clauses 73 to 85, wherein apacket in the plurality of packets is an IPv4 packet or an IPv6 packet.

Clause 87: The routing device of any of clauses 73 to 86, wherein toidentify the at least one latency-critical packet in the plurality ofpackets the processor is further configured to determine that a DSCPvalue within a differential services field of the plurality of fields ofthe plurality of packets matches a predefined value.

Clause 88: The routing device of any of clauses 73 to 87, wherein theplurality of fields of the at least one latency-critical packetcomprises a differential services field including a DSCP value, andwherein the processor is further configured to modify the DSCP value toa predefined value.

Clause 89: The routing device of clause 88, wherein the processormodifies the DSCP value before the processor generates the at leastfirst copy-packet.

Clause 90: The routing device of clause 88, wherein modifying the DSCPvalue of the differential services field of the at least onelatency-critical packet is limited by a rate at which the routerreceives the at least one latency-critical packets.

Clause 91: The routing device of clause 90, wherein the limit isdetermined based on statistics on a number of the at least onelatency-critical packets having a same DSCP value.

Clause 92: The routing device of any of clauses 73 to 91, wherein the atleast one latency-critical packet comprises a target IP address fieldincluding a target IP address associated with the first target device,and wherein to identify the at least one latency-critical packet theprocessor is further configured to determine that the target IP addressin the target IP address field is one of IP addresses associated with anautonomous system according to an autonomous system number (ASN) table.

Clause 93: The routing device of any of clauses 73 to 92, wherein atleast one autonomous system listed in the ASN table indicates an apptype associated with the at least one autonomous system, and wherein toidentify the at least one latency-critical packet the processor isfurther configured to determine the app type associated with the atleast one latency-critical packet according to the ASN table.

Clause 94: The routing device of any of clauses 73 to 93, wherein the atleast one latency-critical packet comprises a target port fieldassociated with a networking protocol, and wherein the processoridentifies the at least one latency-critical packet based upon thetarget port field.

Clause 95: The routing device of any of clauses 73 to 94, wherein theprocessor stores each of the at least one latency-critical packet andeach of the at least one non-critical packet in a queue, and wherein theprocessor selects a next packet to transmit from the queue based upon anactive queue management algorithm.

Clause 96: The routing device clause 95, wherein the active queuemanagement algorithm is selected from the group comprising: random earlydetection, controlled delay, class-based queue scheduling, hierarchicaltoken bucket, and hierarchical fair service curve.

Clause 97: A method of managing packets, the method comprising:receiving, by a routing device comprising a plurality of interfaces, afirst packet of a plurality of packets comprising a target address fieldand a source address field, wherein the routing device iscommunicatively coupled to a plurality of devices via the plurality ofinterfaces; generating, by the routing device, a modified first packetfurther comprising a packet identifier field including a packetidentifier; generating, by the routing device, at least a first and asecond fragment from the modified first packet, wherein the at leastfirst and second fragments each comprise a subset of the modified firstpacket and whereby the modified first packet is capable of beingreassembled from the at least first and second fragments, and whereinthe at least first and second fragments each comprise a packetidentifier field having a same packet identifier as the modified firstpacket; generating, by the routing device, at least one fragment-copy ofthe first fragment, wherein the at least one fragment-copy of the firstfragment comprises a packet identifier field having a same packetidentifier as the first fragment; generating, by the routing device, atleast one fragment-copy of the second fragment, wherein the at least onefragment-copy of the second fragment comprises a packet identifier fieldhaving a same packet identifier as the second fragment; andtransmitting, by the routing device, the first fragment, the at leastone fragment-copy of the first fragment, the second fragment and the atleast one fragment copy of the second fragment to a target device.

Clause 98: The method clause 97, wherein the transmitting comprises:transmitting the first fragment and a first fragment-copy of the secondfragment to the target device via a first interface; and transmittingthe second fragment and a first fragment-copy of the first fragment tothe target device via a second interface.

Clause 99: The method of any of clauses 97 or 98, wherein the firstinterface and the second interface are physical interfaces.

Clause 100: The method of any of clauses 97 or 98, wherein the firstinterface and the second interface are virtual interfaces, and whereinthe virtual interfaces are configured to transmit and receive packets orfragments via a physical interface of the routing device, and whereinthe virtual interfaces are configured to have a different address thanthe physical interface.

Clause 101: The method of any of clauses 97 to 100, wherein the firstfragment, the first fragment-copy of the first fragment, the secondfragment, and the first fragment-copy of the second fragment eachfurther comprise a source address field, the method further comprising:changing, by the routing device, a content of the source address fieldof the first fragment and a content of the source address field of thefirst fragment-copy of the second fragment to reflect an address of thefirst interface; and changing, by the routing device, a content of thesource address field of the second fragment and a content of the sourceaddress field of the first fragment-copy of the first fragment toreflect an address of the second interface.

Clause 102: The method of any of clauses 97 to 101, further comprising:delaying, by the routing device, transmission of a first fragment-copyof the first fragment with respect to transmission of the first fragmentaccording to a first time period; and delaying, by the routing device,transmission of a first fragment-copy of the second fragment withrespect to transmission of the second fragment according to a secondtime period.

Clause 103: The method of clause 102, wherein the first time period andthe second time period are the same.

Clause 104: The method of clause 102, further comprising: identifying,by the routing device, at least one characteristic of the first packet;and determining, by the routing device, the first and the second timeperiods based upon the at least one characteristic.

Clause 105: The method of clause 104, wherein the at least onecharacteristic of the first packet is selected from the group comprisingan app type and a detected packet rate, and wherein the detected packetrate is a number of the plurality of packets received over apredetermined amount of time.

Clause 106: The method of any of clauses 97 to 105, further comprisingchanging, by the routing device, a content of the target address fieldof the modified first packet to reflect an address of the target device,and wherein the at least first and second fragments comprise a targetaddress field including the address of the target device.

Clause 107: The method of any of clauses 97 to 106, wherein the at leastfirst and second fragments further comprise a target address field, themethod further comprising: changing the target address field of thefirst fragment to reflect a first address of the target device; andchanging the target address field of the second fragment to reflect asecond address of the target device.

Clause 108: The method of any of clauses 97 to 107, wherein at least onepacket in the plurality of packets is an IPv4 packet or an IPv6 packet.

Clause 109: The method of any of clauses 97 to 108, wherein generatingthe at least first and second fragments further comprises determining,by the routing device, that the first packet exceeds a threshold size.

Clause 110: The method of clause 109, wherein the threshold size isbetween 50 to 100 bytes.

Clause 111: The method of clause 109, wherein the threshold size isbetween 100 to 200 bytes.

Clause 112: The method of any of clauses 109 to 111, wherein thethreshold size is based upon an app type of the first packet.

Clause 113: The method of any of clauses 97 to 112, wherein the at leastfirst and second fragments each further comprise a field indicating atotal number of fragments comprising the modified first packet.

Clause 114: A routing device comprising: a plurality of interfaces,wherein the routing device is communicatively coupled to a plurality ofdevices via the plurality of interfaces; and a processor configured to:receive a first packet of a plurality of packets comprising a targetaddress field and a source address field; generate a modified firstpacket further comprising a packet identifier field including a packetidentifier; generate at least a first and a second fragment from themodified first packet, wherein the at least first and second fragmentseach comprise a subset of the modified first packet and whereby themodified first packet is capable of being reassembled from the at leastfirst and second fragments, and wherein the at least first and secondfragments each comprise a packet identifier field having a same packetidentifier as the modified first packet; generate at least onefragment-copy of the first fragment, wherein the at least onefragment-copy of the first fragment comprises a packet identifier fieldhaving a same packet identifier as the first fragment; generate at leastone fragment-copy of the second fragment, wherein the at least onefragment-copy of the second fragment comprises a packet identifier fieldhaving a same packet identifier as the second fragment; and transmit thefirst fragment, the at least one fragment-copy of the first fragment,the second fragment and the at least one fragment copy of the secondfragment to a target device.

Clause 115: The routing device of clause 114, wherein to transmit theprocessor is configured to: transmit the first fragment and a firstfragment-copy of the second fragment to the target device via a firstinterface; and transmit the second fragment and a first fragment-copy ofthe first fragment to the target device via a second interface.

Clause 116: The routing device of any of clauses 114 or 115, wherein thefirst interface and the second interface are physical interfaces.

Clause 117: The routing device of any of clauses 114 or 115, wherein thefirst interface and the second interface are virtual interfaces, andwherein the virtual interfaces are configured to transmit and receivepackets or fragments via a physical interface of the routing device, andwherein the virtual interfaces are configured to have a differentaddress than the physical interface.

Clause 118: The routing device of any of clauses 114 to 117, wherein thefirst fragment, the first fragment-copy of the first fragment, thesecond fragment, and the first fragment-copy of the second fragment eachfurther comprise a source address field; and wherein the processor isfurther configured to: change a content of the source address field ofthe first fragment and a content of the source address field of thefirst fragment-copy of the second fragment to reflect an address of thefirst interface; and change a content of the source address field of thesecond fragment and a content of the source address field of the firstfragment-copy of the first fragment to reflect an address of the secondinterface.

Clause 119: The routing device of any of clauses 114 to 118, wherein theprocessor is further configured to: delay transmission of the firstfragment with respect to transmission of a first fragment-copy of thefirst fragment according to a first time period; and delay transmissionof the second fragment with respect to transmission of a firstfragment-copy of the second fragment according to a second time period.

Clause 120: The proxy device of clause 119, wherein the first timeperiod and the second time period are the same.

Clause 121: The routing device of clause 119, wherein the processor isfurther configured to: identify at least one characteristic of the firstpacket; and determine the first and the second time periods based uponthe at least one characteristic.

Clause 122: The routing device of clause 121, wherein the at least onecharacteristic of the first packet is selected from the group comprisingan app type and a detected packet rate, and wherein the detected packetrate is a number of the plurality of packets received over apredetermined amount of time.

Clause 123: The routing device of any of clauses 114 to 122, wherein theprocessor is further configured to change a content of the targetaddress field of the modified first packet to reflect an address of thetarget device, and wherein the at least first and second fragmentscomprise a target address field including the address of the targetdevice.

Clause 124: The routing device of any of clauses 114 to 123, wherein theat least first and second fragments further comprise a target addressfield; and wherein the processor is further configured to: change thetarget address field of the first fragment to reflect a first address ofthe target device; and change the target address field of the secondfragment to reflect a second address of the target device.

Clause 125: The routing device of any of clauses 114 to 124, wherein atleast one packet in the plurality of packets is an IPv4 packet or anIPv6 packet.

Clause 126: The routing device of any of clauses 114 to 125, wherein,when the processor is further configured to determine that the firstpacket exceeds a threshold size.

Clause 127: The routing device of clause 126, wherein the threshold sizeis between 50 to 100 bytes.

Clause 128: The routing device of clause 126, wherein the threshold sizeis between 100 to 200 bytes.

Clause 129: The routing device of any of clauses 126 to 128, wherein thethreshold size is based upon an app type of the first packet.

Clause 130: The routing device of any of clauses 114 to 129, wherein theat least first and second fragments each further comprise a fieldindicating a total number of fragments comprising the modified firstpacket.

Clause 131: A method of assembling a packet from a plurality offragments, the method comprising: receiving, by a routing device, from asource device at least a first and a second fragment, wherein eachrespective fragment of the at least first and second fragments comprisesa first field indicating that the respective fragment is associated withthe packet, and one or more fields including information necessary toassemble the packet; receiving, by the routing device, from the sourcedevice at least one copy of the first fragment and at least one copy ofthe second fragment; and assembling, by the routing device, the packetfrom a subset of the at least first fragment, the at least secondfragment, the at least one copy of the first fragment, and the at leastone copy of the second fragment.

Clause 132: The method of clause 131, wherein assembling the packetcomprises: selecting, by the routing device, a first selected-fragmentfrom the group comprising the at least first fragment and the at leastone copy of the first fragment; selecting, by the routing device, asecond selected-fragment from the group comprising the at least secondfragment and the at least one copy of the second fragment; andassembling the packet from the first selected-fragment and the secondselected fragment.

Clause 133: The method of any of clauses 131 or 132, wherein theinformation necessary to assemble the packet comprises informationindicating a position of the at least first and second fragments in asequence of fragments.

Clause 134: The method of any of clauses 131 to 133, wherein the one ormore fields including information necessary to assemble the packetcomprises a second field indicating a total number of fragments requiredto assemble the packet, and a third field indicating a relation of theat least first and second fragments to the total number of fragments.

Clause 135: The method of any of clauses 131 to 134, further comprisingstoring, by the routing device, the assembled packet in a queue.

Clause 136: The method of any of clauses 131 to 135, wherein assemblingthe packet further comprises determining, by the routing device, thatthe respective first field of the at least first fragment, the at leastsecond fragment, the at least one copy of the first fragment, and the atleast one copy of the second fragment has a value associated with thefirst packet.

Clause 137: The method of any of clauses 131 to 136, wherein assemblingthe packet further comprises determining, by the routing device, thatthe routing device has received at least a fragment or a fragment-copyfor each fragment associated with the packet.

Clause 138: The method of any of clauses 131 to 137, wherein determiningthat the routing device has received at least the fragment or thefragment-copy for each fragment associated with the packet comprisesexamining the respective one or more fields of the at least firstfragment, the at least second fragment, the at least one copy of thefirst fragment, and the at least one copy of the second fragment.

Clause 139: The method of any of clauses 131 to 138, wherein the routingdevice comprises an interface, and wherein the routing device receivesthe at least first fragment, the at least second fragment, the at leastone copy of the first fragment, and the at least one copy of the secondfragment via the interface.

Clause 140: The method of any of clauses 131 to 138, wherein the routingdevice comprises a plurality of interfaces, and wherein the routingdevice receives the at least first fragment and the at least one copy ofthe first fragment via a first interface and receives the at leastsecond fragment and the at least one copy of the second fragment via asecond interface.

Clause 141: The method of any of clauses 131 to 140, wherein the firstinterface and the second interface are physical interfaces.

Clause 142: The method of any of clauses 131 to 140, wherein the firstinterface and the second interface are virtual interfaces, and whereinthe virtual interfaces are configured to receive fragments and copies offragments via a physical interface of the routing device, and whereinthe virtual interfaces are configured to have a different address thanthe physical interface.

Clause 143: The method of any of clauses 131 to 138, 141 or 142, whereinthe routing device comprises a plurality of interfaces, and wherein therouting device receives the at least first fragment and the at least onecopy of the second fragment via a first interface and receives the atleast second fragment and the at least one copy of the first fragmentvia a second interface.

Clause 144: The method of any of clauses 131 to 143, wherein theassembled packet comprises a target address field, the method furthercomprising changing, by the routing device, a content of the targetaddress field to reflect an address of a target device.

Clause 145: The method of any of clauses 131 to 144, wherein the routingdevice comprises an interface, and wherein the assembled packetcomprises a source address field, the method further comprising:changing, by the routing device, a content of the source address fieldto reflect an address of the interface; and transmitting, by the routingdevice, the packet to a target device via the interface.

Clause 146: A routing device comprising: a first interface configured tocommunicate with a source device; and a processor configured to: receiveat least a first and a second fragment, wherein each respective fragmentof the at least first and second fragments comprises a first fieldindicating that the respective fragment is associated with a packet, andone or more fields including information necessary to assemble thepacket; receive at least one copy of the first fragment and at least onecopy of the second fragment; and assemble the packet from a subset ofthe at least first fragment, the at least second fragment, the at leastone copy of the first fragment, and the at least one copy of the secondfragment.

Clause 147: The routing device of clause 146, wherein to assemble thepacket the processor is configured to: select a first selected-fragmentfrom the group comprising the at least first fragment and the at leastone copy of the first fragment; select a second selected-fragment fromthe group comprising the at least second fragment and the at least onecopy of the second fragment; and assemble the packet from the firstselected-fragment and the second selected fragment.

Clause 148: The routing device of any of clauses 146 or 147, wherein theinformation necessary to assemble the packet comprises informationindicating a position of the at least first and second fragments in asequence of fragments.

Clause 149: The routing device of any of clauses 146 to 148, wherein theone or more fields including information necessary to assemble thepacket comprises a second field indicating a total number of fragmentsrequired to assemble the packet, and a third field indicating a relationof the at least first and second fragments to the total number offragments.

Clause 150: The routing device of any of clauses 146 to 149, wherein theprocessor is further configured to store the assembled packet in aqueue.

Clause 151: The routing device of any of clauses 146 to 150, wherein toassemble the packet the processor is further configured to determinethat the respective first field of the at least first fragment, the atleast second fragment, the at least one copy of the first fragment, andthe at least one copy of the second fragment has a value associated withthe first packet.

Clause 152: The routing device of any of clauses 146 to 151, wherein toassemble the packet the processor is further configured to determinethat the routing device has received at least a fragment or afragment-copy for each fragment associated with the packet.

Clause 153: The routing device of any of clauses 146 to 152, wherein todetermine that the routing device has received at least the fragment orthe fragment-copy for each fragment associated with the packet, theprocessor is configured to examine the respective one or more fields ofthe at least first fragment, the at least second fragment, the at leastone copy of the first fragment, and the at least one copy of the secondfragment.

Clause 154: The routing device of any of clauses 146 to 153, wherein therouting device receives the at least first fragment, the at least secondfragment, the at least one copy of the first fragment, and the at leastone copy of the second fragment via the interface.

Clause 155: The routing device of any of clauses 146 to 153, wherein therouting device further comprises a second interface, and wherein therouting device receives the at least first fragment and the at least onecopy of the first fragment via the first interface and receives the atleast second fragment and the at least one copy of the second fragmentvia the second interface.

Clause 156: The routing device of any of clauses 146 to 155, wherein thefirst interface and the second interface are physical interfaces.

Clause 157: The routing device of any of clauses 146 to 155, wherein thefirst interface and the second interface are virtual interfaces, andwherein the virtual interfaces are configured to receive fragments andcopies of fragments via a physical interface of the routing device, andwherein the virtual interfaces are configured to have a differentaddress than the physical interface.

Clause 158: The routing device of any of clauses 146 to 153, 157 or 157,wherein the routing device further comprises a second interface, andwherein the routing device receives the at least first fragment and theat least one copy of the second fragment via the first interface andreceives the at least second fragment and the at least one copy of thefirst fragment via the second interface.

Clause 159: The routing device of any of clauses 146 to 158, wherein theassembled packet comprises a target address field, and wherein theprocessor is further configured to change a content of the targetaddress field to reflect an address of a target device.

Clause 160: The routing device of any of clauses 146 to 159, wherein therouting device comprises a second interface, wherein the assembledpacket comprises a source address field, and wherein the processor isfurther configured to: change a content of the source address field toreflect an address of the second interface; and transmit the packet to atarget device via the second interface.

Clause 161: A method of managing latency critical network traffic, themethod comprising: receiving, by a routing device via a first interface,a plurality of packets from a first source device and a plurality ofpackets from a second source device; determining, by the routing device,that the plurality of packets from the first source device compriselatency-critical packets and that the plurality of packets from thesecond source device comprise non-critical packets; detecting, by therouting device, a potential issue with the received plurality of packetsby determining one or more characteristic of the plurality of packetsreceived through the first interface; suppressing, by the routingdevice, transmission of non-critical packets by the second source devicevia the first interface based on the detected potential issue;transmitting, by the routing device, the latency-critical packets to afirst client device via a second interface; and transmitting, by therouting device, the non-critical packets to a second client device viathe second interface.

Clause 162: The method of clause 161, wherein the first source deviceand the second source device are the same device.

Clause 163: The method of any of clauses 161 or 162, wherein the firstclient device and the second client device are the same device.

Clause 164: The method of any of clauses 161 to 163, wherein thenon-critical packets received from the second source device areassociated with a logical connection, wherein the logical connection isselected from among the group comprising: a TCP connection, a BitTorrentUDP Tracker connection, and a QUIC connection.

Clause 165: The method of any of clauses 161 to 164, wherein thesuppressing transmission of non-critical packets by the second sourcedevice is performed on a per logical connection basis.

Clause 166: The method of any of clauses 161 to 165, wherein detectingthe potential issue with the received packets comprises detecting a rateof loss of ping packets received from an external device.

Clause 167: The method of any of clauses 161 to 166, wherein the pingpackets are ICMP packets.

Clause 168: The method of any of clauses 161 to 167, wherein theexternal device and the first source device are the same device.

Clause 169: The method of any of clauses 161 to 168, wherein detectingthe potential issue with the received packets comprises measuring around trip time of packets transmitted to and packets received from thefirst source device.

Clause 170: The method of any of clauses 161 to 169, wherein at leastone packet of the plurality of packets received from the first sourcedevice further comprises a first field indicating a reference identifierand a second field indicating an amount of time from when a first packetwith the reference identifier was received by the target device to whenthe at least one packet was sent by the target device to the routingdevice.

Clause 171: The method of any of clauses 161 to 170, wherein detectingthe potential issue with the received packets comprises measuringjitter.

Clause 172: The method of any of clauses 161 to 171, wherein detectingthe potential issue with the received packets comprises receiving fromthe first source device a packet indicating a connection quality betweenthe first interface and the first source device.

Clause 173: The method of any of clauses 161 to 172, wherein detectingthe potential issue with the received packets comprises determining anumber of packets lost in transit between the first source device andthe first interface.

Clause 174: The method of any of clauses 161 to 173, wherein determiningthe number of packets lost in transit comprises comparing the number ofpackets received from the first source device to an expected packetrate.

Clause 175: The method of any of clauses 161 to 174, wherein suppressingtransmission of non-critical packets by the second source devicecomprises dropping some of the non-critical packets received from thesecond source device.

Clause 176: The method of clause 175, wherein dropping some of thenon-critical packets received from the second source device comprisesdropping up to a predefined percentage of non-critical packets.

Clause 177: The method of any of clauses 161 to 176, wherein suppressingtransmission of non-critical packets by the second source devicecomprises delaying transmission of some of the non-critical packetsreceived from the second source device.

Clause 178: The method of any of clauses 161 to 177, further comprisingtransmitting, by the routing device, packets to the second sourcedevice, and wherein suppressing transmission of non-critical packets bythe second source device comprises attaching an Explicit CongestionNotification to packets transmitted from the routing device to thesecond source device.

Clause 179: A routing device comprising: a first and a second interface;and a processor configured to: receive a plurality of packets from afirst source device via the first interface and a plurality of packetsfrom a second source device via the first interface; determine that theplurality of packets from the first source device compriselatency-critical packets and that the plurality of packets from thesecond source device comprise non-critical packets; detect a potentialissue with the received plurality of packets by determining one or morecharacteristics of the plurality of packets received through the firstinterface; suppress transmission of non-critical packets by the secondsource device via the first interface based on the detected potentialissue; transmit the latency-critical packets to a first client devicevia the second interface; and transmit the non-critical packets to asecond client device via the second interface.

Clause 180: The routing device of clause 179, wherein the first sourcedevice and the second source device are the same device.

Clause 181: The routing device of any of clauses 179 or 180, wherein thefirst client device and the second client device are the same device.

Clause 182: The routing device of any of clauses 179 to 181, wherein thenon-critical packets received from the second source device areassociated with a logical connection, wherein the logical connection isselected from among the group comprising: a TCP connection, a BitTorrentUDP Tracker connection, and a QUIC connection.

Clause 183: The routing device of any of clauses 181 to 182, wherein theprocessor suppresses transmission of non-critical packets by the secondsource device on a per logical connection basis.

Clause 184: The routing device of any of clauses 179 to 183, wherein todetect the potential issue with the received packets the processor isconfigured to detect a rate of loss of ping packets received from anexternal device.

Clause 185: The routing device of any of clauses 179 to 184, wherein theping packets are ICMP packets.

Clause 186: The routing device of any of clauses 179 to 185, wherein theexternal device and the first source device are the same device.

Clause 187: The routing device of any of clauses 179 to 186, wherein todetect the potential issue with the received packets the processor isconfigured to measure a round trip time of packets transmitted to andpacket received from the first source device.

Clause 188: The routing device of any of clauses 179 to 187, wherein atleast one packet of the plurality of packets received from the firstsource device further comprises a first field indicating a referenceidentifier and a second field indicating an amount of time from when afirst packet with the reference identifier was received by the targetdevice to when the at least one packet was sent by the target device tothe routing device.

Clause 189: The routing device of any of clauses 179 to 188, wherein todetect the potential issue with the received packets the processor isconfigured to measure jitter.

Clause 190: The routing device of any of clauses 179 to 189, wherein todetect the potential issue with the received packets the processor isconfigured to receive from the first source device a packet indicating aconnection quality between the first interface and the first sourcedevice.

Clause 191: The routing device of any of clauses 179 to 190, wherein todetect the potential issue with the received packets the processor isconfigured to determine a number of packets lost in transit between thefirst source device and the first interface.

Clause 192: The routing device of any of clauses 179 to 191, wherein todetermine the number of packets lost in transit the processor isconfigured to compare the number of packets received from the firstsource device to an expected packet rate.

Clause 193: The routing device of any of clauses 179 to 192, wherein tosuppress transmission of non-critical packets by the second sourcedevice the processor is configured to drop some of the non-criticalpackets received from the second source device.

Clause 194: The routing device of clause 193, wherein to drop some ofthe non-critical packets received from the second source device theprocessor is configured to drop up to a predefined percentage ofnon-critical packets.

Clause 195: The routing device of any of clauses 179 to 194, wherein tosuppress transmission of non-critical packets by the second sourcedevice the processor is configured to delay transmission of some of thenon-critical packets received from the second source device.

Clause 196: The routing device of any of clauses 179 to 195, wherein theprocessor is further configured to transmit packets to the second sourcedevice, and wherein to suppress transmission of non-critical packets bythe second source device the processor is configured to attach anExplicit Congestion Notification to packets transmitted from the routingdevice to the second source device.

Clause 197: A method of managing packets comprising: receiving, by arouting device, a plurality of packets from a source device associatedwith a latency-critical session, wherein each packet comprises a packetidentifier field including a packet identifier value; storing, by therouting device, in a memory one or more data structures indicating alast-packet-received value and at least one missing-packet value,wherein the at least one missing-packet value represents the packetidentifier value of at least one packet associated with thelatency-critical session that has not yet been received by the routingdevice from the source device and that has packet identifier value lessthan the last-packet-received value; identifying, by the routing device,the packet identifier value of a next packet of the plurality of packetsfrom the source device associated with the latency-critical session; andtransmitting, by the routing device, the next packet to a client devicebased on determining that the packet identifier value of the next packetis greater than the last-packet-received value or that the packetidentifier value of the next packet is the same as one of the at leastone missing-packet value.

Clause 198: The method of clause 197, wherein upon determining that thepacket identifier value of the next packet is greater than thelast-packet-received value, the method further comprising updating thelast-packet-received value in the one or more data structures to reflectthe packet identifier value of the next packet.

Clause 199: The method of any of clauses 197 or 198, wherein the one ormore data structures is selected from the group comprising: a file, anarray, and a list.

Clause 200: The method of any of clauses 197 to 199, wherein upondetermining that the packet identifier value of the next packet is thesame as one of the at least one missing-packet value, the method furthercomprising modifying the one or more data structures to indicate thatthe one of the at least one missing-packet value was received.

Clause 201: The method of any of clauses 197 to 200, wherein modifyingthe data structure comprises deleting the one of the at least onemissing-packet value from the one or more data structures.

Clause 202: The method of any of clauses 197 to 201, wherein the one ormore data structures comprises a bitmask.

Clause 203: The method of clause 197 to 202, wherein modifying the oneor more data structures comprises changing the bitmask to indicate thatthe one of the at least one missing-packet value was received.

Clause 204: The method of any of clauses 197 to 203, the method furthercomprising: receiving, by the routing device, at least one packet fromthe client device associated with the latency-critical session;generating, by the routing device, at least one copy-packet of the atleast one packet from the client device associated with thelatency-critical session; and transmitting, by the routing device, theat least one packet and the at least one copy-packet to the sourcedevice.

Clause 205: A routing device comprising: an interface; amachine-readable memory; and a processor configured to: receive aplurality of packets from a source device associated with alatency-critical session, wherein each packet comprises a packetidentifier field including a packet identifier value; store in themachine-readable memory one or more data structures indicating alast-packet-received value and at least one missing-packet value,wherein the at least one missing-packet value represents the packetidentifier value of at least one packet associated with thelatency-critical session that has not yet been received by the routingdevice from the source device and that has packet identifier value lessthan the last-packet-received value; identify the packet identifiervalue of a next packet of the plurality of packets from the sourcedevice associated with the latency-critical session; and transmit thenext packet to a client device based on determining that the packetidentifier value of the next packet is greater than thelast-packet-received value or that the packet identifier value of thenext packet is the same as one of the at least one missing-packet value.

Clause 206: The routing device of clause 205, wherein upon determiningthat the packet identifier value of the next packet is greater than thelast-packet-received value the processor is further configured to updatethe last-packet-received value in the one or more data structures toreflect the packet identifier value of the next packet.

Clause 207: The routing device of any of clauses 205 or 206, wherein theone or more data structures is selected from the group comprising: afile, an array, and a list.

Clause 208: The routing device of any of clauses 205 to 207, whereinupon determining that the packet identifier value of the next packet isthe same as one of the at least one missing-packet value the processoris further configured to modify the one or more data structures toindicate that the one of the at least one missing-packet value wasreceived.

Clause 209: The routing device of any of clauses 205 to 208, wherein tomodify the one or more data structures the processor is furtherconfigured to delete the one of the at least one missing-packet valuefrom the one or more data structures.

Clause 210: The routing device of any of clauses 205 to 209, wherein theone or more data structures comprises a bitmask.

Clause 211: The routing device of clause 205 to 210, wherein to modifythe one or more data structures the processor is further configured tochange the bitmask to indicate that the one of the at least onemissing-packet value was received.

Clause 212: The routing device of any of clauses 205 to 211, wherein theprocessor is further configured to: receive at least one packet from theclient device associated with the latency-critical session; generate atleast one copy-packet of the at least one packet from the client deviceassociated with the latency-critical session; and transmit the at leastone packet and the at least one copy-packet to the source device.

Clause 213: A method of managing data packets, the method comprising:receiving, by a routing device, a plurality of packets from a computingdevice; first packet of the plurality of packets into two or morefragments; generating, by the routing device, a check-fragmentcomprising an XOR of each fragment of the first packet; andtransmitting, by the routing device, each fragment of the two or morefragments and the check-fragment to a target device.

Clause 214: The method of clause 213, wherein the routing devicecomprises at least a first and a second interface configured tocommunicatively couple the routing device to the target device.

Clause 215: The method of any of clauses 213 or 214, wherein thetransmitting comprises transmitting the two or more fragments and thecheck-fragment to the target device via the first and the secondinterface, wherein the routing device transmits at least a firstfragment of the two or more fragments or the check fragment via thefirst interface and a second fragment of the two or more fragments orthe check fragment via the second interface.

Clause 216: The method of any of clauses 213 or 214, wherein the routingdevice comprises at least one interface configured to transmit fragmentsto the target device, and wherein the transmitting comprisestransmitting each fragment of the two or more fragments and thecheck-fragment via a same one of the at least one interface.

Clause 217: The method of any of clauses 213 to 216, wherein splittingthe first packet into the two or more fragments is performed such thateach fragment of the two or more fragments is a same predetermined size.

Clause 218: The method of any of clauses 213 to 217, further comprising:determining, by the routing device, that a first fragment of the two ormore fragments is smaller than the predetermined size; and adding, bythe routing device, a set of padding bits to the first fragment to makethe first fragment the predetermined size.

Clause 219: The method of any of clauses 213 to 218, further comprising:generating, by the routing device, a fragment-copy for each of the twoor more fragments and a check-fragment copy for the check-fragment; andtransmitting the fragment-copies and the check-fragment copy to thetarget device.

Clause 220: The method of any of clauses 213-219, further comprisingdelaying, by the routing device, transmission of the fragment-copy andthe check-fragment copy with respect to the transmission of itsrespective fragment and check-fragment according to a time period.

Clause 221: The method of any of clauses 213 to 215 or 217 to 220,further comprising transmitting the two or more fragments, thefragment-copies of the two or more fragments, the check fragment and thecheck-fragment copy to the target device via the first and the secondinterface, wherein the routing device transmits at least a firstfragment of the two or more fragments, at least a first fragment-copy,the check-fragment, or the check-fragment copy via the first interfaceand at least a second fragment of the two or more fragments, at least asecond fragment copy, the check-fragment or the check-fragment copy viathe second interface.

Clause 222: The method of any of clauses 213 to 221, wherein the firstpacket is a latency-critical packet.

Clause 223: A routing device comprising: a memory configured to store aqueue of a plurality of packets received from a computing device; and aprocessor configured to: split a first packet of the plurality ofpackets into two or more fragments; generate a check-fragment comprisingan XOR of each fragment of the first packet; and transmit each fragmentof the two or more fragments and the check-fragment to a target device.

Clause 224: The routing device of clause 223, further comprising atleast a first and a second interface configured to communicativelycouple the routing device to the target device.

Clause 225: The routing device of any of clauses 223 or 224, wherein theprocessor is configured to transmit the two or more fragments and thecheck-fragment to the target device via the first and the secondinterface, wherein the processor transmits at least a first fragment ofthe two or more fragments or the check fragment via the first interfaceand a second fragment of the two or more fragments or the check fragmentvia the second interface.

Clause 226: The routing device of any of clauses 223 or 224, furthercomprising at least one interface configured to transmit fragments tothe target device, and wherein the processor is configured to transmiteach fragment of the two or more fragments and the check-fragment via asame one of the at least one interface.

Clause 227: The routing device of any of clauses 223 to 226, wherein theprocessor is configured to split the first packet into the two or morefragments such that each fragment of the two or more fragments is a samepredetermined size.

Clause 228: The routing device of any of clauses 223 to 227, wherein theprocessor is further configured to: determine that a first fragment ofthe two or more fragments is smaller than the predetermined size; andadd a set of padding bits to the first fragment to make the firstfragment the predetermined size.

Clause 229: The routing device of any of clauses 223 to 228, wherein theprocessor is further configured to: generate a fragment-copy for each ofthe two or more fragments and a check-fragment copy for thecheck-fragment; and transmit the fragment-copies and the check-fragmentcopy to the target device.

Clause 230: The routing device of any of clauses 223 to 229, wherein theprocessor is further configured to delay transmission of thefragment-copy and the check-fragment copy with respect to thetransmission of its respective fragment and check-fragment according toa time period.

Clause 231: The routing device of any of clauses 223 to 225 or 227 to230, wherein the processor is further configured to transmit the two ormore fragments, the fragment-copies of the two or more fragments, thecheck fragment and the check-fragment copy to the target device via thefirst and the second interface, wherein the processor transmits at leasta first fragment of the two or more fragments, at least a firstfragment-copy, the check-fragment, or the check-fragment copy via thefirst interface and at least a second fragment of the two or morefragments, at least a second fragment copy, the check-fragment or thecheck-fragment copy via the second interface.

Clause 232: The routing device of any of clauses 223 to 231, wherein thefirst packet is a latency-critical packet.

Clause 233: A method of reassembling a packet that was split intofragments when less than all of the fragments are received, the methodcomprising: receiving, by a routing device, all but one of two or morefragments split from a first packet; receiving, by the routing device, acheck-fragment, wherein the check-fragment comprises an XOR of each ofthe two or more fragments split from the first packet; and reassembling,by the routing device, the first packet from the received all but one ofthe two or more fragments and the received check-fragment.

Clause 234: The method of clause 233, wherein the reassembling comprisesperforming an XOR on the received all but one of the two or morefragments and the check-fragment.

Clause 235: The method of any of clauses 233 or 234, wherein each of thetwo or more fragments are a same predetermined size.

Clause 236: A routing device for reassembling a packet that was splitinto fragments when less than all of the fragments are received by therouting device, the routing device comprising: a memory configured tostore a queue of a plurality of fragments received from a computingdevice; and a processor configured to: receive all but one of two ormore fragments split from a first packet; receive a check-fragment,wherein the check-fragment comprises an XOR of each of the two or morefragments split from the first packet; and reassemble the first packetfrom the received all but one of the two or more fragments and thereceived check-fragment.

Clause 237: The routing device of clause 236, where in order toreassemble the first packet the processor is configured to perform anXOR on the received all but one of the two or more fragments and thecheck-fragment.

Clause 238: The routing device of any of clauses 236 or 237, whereineach of the two or more fragments are a same predetermined size.

Clause 241 The method of any one or more of clauses 1, 49, 97, 131, 161,197, 213 or 233, performed together by a routing device.

Clause 242: The device of any one or more of clauses 25, 73, 114, 146,179, 205, 223 or 236, combined together into one device.

FIG. 5 illustrates an exemplary computer system 500 in which the presentdisclosure, or portions thereof, can be implemented as computer-readablecode. For example, latency-oriented router 120, latency-oriented proxy121, intermediate proxy 122, proxy router 123, and/or simple proxy 124in FIGS. 1A-1H and 2A-2E, as well as the processes disclosed herein,including with respect to FIGS. 4A-4J, may be implemented in system 500.After reading this description, it will become apparent to a personskilled in the relevant art how to implement the embodiments using othercomputer systems and/or computer architectures.

Computer system 500 may include one or more processors, such asprocessor 504. Processor 504 can be a special purpose or a generalpurpose processor. Computer system 500 also may include a main memory508, preferably random access memory (RAM). Processor 504 may beconnected to main memory 508 (for example, using one of DDR interfaces,such as DDR2, DDR3, or DDR3L).

Computer system 500 may also include a secondary memory 510. Secondarymemory 510 may include, for example, a hard disk drive (or SSD/Flash)512 (for example, connected to processor 504 via SATA interface, eMMCinterface, or any other similar interface). In alternativeimplementations, secondary memory 510 may include other means forallowing computer programs or other instructions to be loaded intocomputer system 500. Such means may include, for example, a removablestorage unit 522 and an interface 520. Examples of such means mayinclude an SD card and SD interface, a removable memory chip (such as anEPROM or PROM) and respective socket, optical or floppy disc and arespective disk drive, USB flash stick and USB socket, tape and a tapedrive, and other removable storage units that allow software and data tobe transferred from the removable storage unit 522 to computer system500.

Computer system 500 may also include a network interface 524. Networkinterface 524 may include one or more of the following: a modem, an ADSLmodem, cable modem, 3G modem, LTE modem, a NIC (such as an Ethernetcard), Wi-Fi a communications port, a PCMCIA slot and card, or the like.

In this document, the terms “computer program medium” and “computerusable medium” are used to generally refer to media such as removablestorage unit 522, and/or a hard disk drive 512. Computer program mediumand computer usable medium can also refer to memories, such as mainmemory 508 and secondary memory 510, which can be memory semiconductors(e.g., DRAMs, etc.). These computer program products are means forproviding software to computer system 500.

Computer programs (also called computer control logic) are stored inmain memory 508 and/or secondary memory 510. Computer programs may alsobe received via network interface 524. Such computer programs, whenexecuted, enable computer system 500 to implement the present disclosureas discussed herein. In particular, the computer programs, whenexecuted, enable processor 504 to implement the processes of the presentdisclosure, such as the steps in the methods illustrated by flowchartsof FIGS. 4A-4J, discussed above. Accordingly, such computer programsrepresent controllers of the computer system 500. Where the disclosureis implemented using software, the software may be stored in a computerprogram product and loaded into computer system 500 using removablestorage unit 522, interface 520, hard drive 512 or network interface524.

The disclosure is also directed to computer program products comprisingsoftware stored on any computer useable medium. Such software, whenexecuted in one or more data processing device, causes a data processingdevice(s) to operate as described herein. Embodiments of the disclosureemploy any computer useable or readable medium, known now or in thefuture. Examples of computer useable mediums include, but are notlimited to, primary storage devices (e.g., any type of random accessmemory), secondary storage devices (e.g., hard drives, SSDs, floppydisks, tapes, magnetic storage devices, optical storage devices, MEMS,nanotechnological storage device, Flash, etc.), and communicationmediums (e.g., wired and wireless communications networks, local areanetworks, wide area networks, intranets, etc.).

It is to be understood that the various embodiments disclosed herein arenot mutually exclusive and that a particular implementation may includefeatures or capabilities of multiple embodiments discussed herein.

While the present disclosure refers to packets and/or fields withinpackets by certain specific names, it is to be understood that thesenames are not intended to limit the scope of the invention in any wayand that any name or designator may be given to packets and/or fieldsdescribed herein as long as it performs the function and/or serves thepurpose described herein. It is also to be understood that the inventionis not limited to any particular structure and/or organization ofpackets and/or fields therein.

While specific embodiments and applications of the present inventionhave been illustrated and described, it is to be understood that theinvention is not limited to the precise configuration and componentsdisclosed herein. The terms, descriptions and figures used herein areset forth by way of illustration only and are not meant as limitations.Various modifications, changes, and variations which will be apparent tothose skilled in the art may be made in the arrangement, operation, anddetails of the apparatuses, methods and systems of the present inventiondisclosed herein without departing from the spirit and scope of theinvention. By way of non-limiting example, it will be understood thatthe block diagrams included herein are intended to show a selectedsubset of the components of each apparatus and system, and each picturedapparatus and system may include other components which are not shown onthe drawings. Additionally, those with ordinary skill in the art willrecognize that certain steps and functionalities described herein may beomitted or re-ordered without detracting from the scope or performanceof the embodiments described herein.

The various illustrative logical blocks, modules, circuits, andalgorithm steps described in connection with the embodiments disclosedherein may be implemented as electronic hardware, computer software, orcombinations of both. To illustrate this interchangeability of hardwareand software, various illustrative components, blocks, modules,circuits, and steps have been described above generally in terms oftheir functionality. Whether such functionality is implemented ashardware or software depends upon the particular application and designconstraints imposed on the overall system. The described functionalitycan be implemented in varying ways for each particular application—suchas by using any combination of microprocessors, microcontrollers, fieldprogrammable gate arrays (FPGAs), application specific integratedcircuits (ASICs), and/or System on a Chip (SoC)—but such implementationdecisions should not be interpreted as causing a departure from thescope of the present invention.

The steps of a method or algorithm described in connection with theembodiments disclosed herein may be embodied directly in hardware, in asoftware module executed by a processor, or in a combination of the two.A software module may reside in RAM memory, flash memory, ROM memory,EPROM memory, EEPROM memory, registers, hard disk, a removable disk, aCD-ROM, or any other form of storage medium known in the art.

The methods disclosed herein comprise one or more steps or actions forachieving the described method. The method steps and/or actions may beinterchanged with one another without departing from the scope of thepresent invention. In other words, unless a specific order of steps oractions is required for proper operation of the embodiment, the orderand/or use of specific steps and/or actions may be modified withoutdeparting from the scope of the present invention.

What is claimed is:
 1. A method of managing packets, the methodcomprising: receiving, by a routing device comprising a plurality ofinterfaces, a first packet of a plurality of packets comprising a targetaddress field and a source address field, wherein the routing device iscommunicatively coupled to a plurality of devices via the plurality ofinterfaces; generating, by the routing device, a modified first packetfurther comprising a packet identifier field including a packetidentifier; generating, by the routing device, at least a first and asecond fragment from the modified first packet, wherein the at leastfirst and second fragments each comprise a subset of the modified firstpacket and whereby the modified first packet is capable of beingreassembled from the at least first and second fragments, and whereinthe at least first and second fragments each comprise a packetidentifier field having a same packet identifier as the modified firstpacket; generating, by the routing device, at least one fragment-copy ofthe first fragment, wherein the at least one fragment-copy of the firstfragment comprises a packet identifier field having a same packetidentifier as the first fragment; generating, by the routing device, atleast one fragment-copy of the second fragment, wherein the at least onefragment-copy of the second fragment comprises a packet identifier fieldhaving a same packet identifier as the second fragment; identifying, bythe routing device, at least one characteristic of the first packet;determining, by the routing device, a first time period and a secondtime period based on the at least one characteristic; and transmitting,by the routing device, the first fragment, the at least onefragment-copy of the first fragment, the second fragment and the atleast one fragment-copy of the second fragment to a target device,wherein transmission of the at least one fragment-copy of the firstfragment is delayed with respect to transmission of the first fragmentaccording to the first time period and transmission of the at least onefragment-copy of the second fragment is delayed with respect totransmission of the second fragment according to the second time period.2. The method of claim 1, wherein the transmitting comprises:transmitting the first fragment and a first fragment-copy of the secondfragment to the target device via a first interface; and transmittingthe second fragment and a first fragment-copy of the first fragment tothe target device via a second interface.
 3. The method of claim 2,wherein the first interface and the second interface are physicalinterfaces.
 4. The method of claim 2, wherein the first interface andthe second interface are virtual interfaces, and wherein the virtualinterfaces are configured to transmit and receive packets or fragmentsvia a physical interface of the routing device, and wherein the virtualinterfaces are configured to have a different address than the physicalinterface.
 5. The method of claim 2, wherein the first fragment, thefirst fragment-copy of the first fragment, the second fragment, and thefirst fragment-copy of the second fragment each further comprise asource address field, the method further comprising: changing, by therouting device, a content of the source address field of the firstfragment and a content of the source address field of the firstfragment-copy of the second fragment to reflect an address of the firstinterface; and changing, by the routing device, a content of the sourceaddress field of the second fragment and a content of the source addressfield of the first fragment-copy of the first fragment to reflect anaddress of the second interface.
 6. The method of claim 1, wherein thefirst time period and the second time period are the same.
 7. The methodof claim 1, wherein the at least one characteristic of the first packetis selected from the group comprising an app type and a detected packetrate, and wherein the detected packet rate is a number of the pluralityof packets received over a predetermined amount of time.
 8. The methodof claim 1, further comprising changing, by the routing device, acontent of the target address field of the modified first packet toreflect an address of the target device, and wherein the at least firstand second fragments comprise a target address field including theaddress of the target device.
 9. The method of claim 1, wherein the atleast first and second fragments further comprise a target addressfield, the method further comprising: changing the target address fieldof the first fragment to reflect a first address of the target device;and changing the target address field of the second fragment to reflecta second address of the target device.
 10. The method of claim 1,wherein at least one packet in the plurality of packets is an IPv4packet or an IPv6 packet.
 11. The method of claim 1, wherein generatingthe at least first and second fragments further comprises determining,by the routing device, that the first packet exceeds a threshold size.12. The method of claim 11, wherein the threshold size is between 50 to100 bytes.
 13. The method of claim 11, wherein the threshold size isbetween 100 to 200 bytes.
 14. The method of claim 11, wherein thethreshold size is based upon an app type of the first packet.
 15. Themethod of claim 1, wherein the at least first and second fragments eachfurther comprise a field indicating a total number of fragmentscomprising the modified first packet.
 16. A routing device comprising: aplurality of interfaces, wherein the routing device is communicativelycoupled to a plurality of devices via the plurality of interfaces; and aprocessor configured to: receive a first packet of a plurality ofpackets comprising a target address field and a source address field;generate a modified first packet further comprising a packet identifierfield including a packet identifier; generate at least a first and asecond fragment from the modified first packet, wherein the at leastfirst and second fragments each comprise a subset of the modified firstpacket and whereby the modified first packet is capable of beingreassembled from the at least first and second fragments, and whereinthe at least first and second fragments each comprise a packetidentifier field having a same packet identifier as the modified firstpacket; generate at least one fragment-copy of the first fragment,wherein the at least one fragment-copy of the first fragment comprises apacket identifier field having a same packet identifier as the firstfragment; generate at least one fragment-copy of the second fragment,wherein the at least one fragment-copy of the second fragment comprisesa packet identifier field having a same packet identifier as the secondfragment; identify at least one characteristic of the first packet;determine a first time period and a second time period based on the atleast one characteristic; and transmit the first fragment, the at leastone fragment-copy of the first fragment, the second fragment and the atleast one fragment copy of the second fragment to a target device,wherein the processor is configured to delay transmission of the atleast one fragment-copy of the first fragment with respect totransmission of the first fragment according to the first time periodand delay transmission of the at least one fragment-copy of the secondfragment with respect to transmission of the second fragment accordingto the second time period.
 17. The routing device of claim 16, whereinto transmit the processor is configured to: transmit the first fragmentand a first fragment-copy of the second fragment to the target devicevia a first interface; and transmit the second fragment and a firstfragment-copy of the first fragment to the target device via a secondinterface.
 18. The routing device of claim 17, wherein the firstinterface and the second interface are physical interfaces.
 19. Therouting device of claim 17, wherein the first interface and the secondinterface are virtual interfaces, and wherein the virtual interfaces areconfigured to transmit and receive packets or fragments via a physicalinterface of the routing device, and wherein the virtual interfaces areconfigured to have a different address than the physical interface. 20.The routing device of claim 17, wherein the first fragment, the firstfragment-copy of the first fragment, the second fragment, and the firstfragment-copy of the second fragment each further comprise a sourceaddress field, and wherein the processor is further configured to:change a content of the source address field of the first fragment and acontent of the source address field of the first fragment-copy of thesecond fragment to reflect an address of the first interface; and changea content of the source address field of the second fragment and acontent of the source address field of the first fragment-copy of thefirst fragment to reflect an address of the second interface.
 21. Theproxy device of claim 16, wherein the first time period and the secondtime period are the same.
 22. The routing device of claim 16, whereinthe at least one characteristic of the first packet is selected from thegroup comprising an app type and a detected packet rate, and wherein thedetected packet rate is a number of the plurality of packets receivedover a predetermined amount of time.
 23. The routing device of claim 16,wherein the processor is further configured to change a content of thetarget address field of the modified first packet to reflect an addressof the target device, and wherein the at least first and secondfragments comprise a target address field including the address of thetarget device.
 24. The routing device of claim 16, wherein the at leastfirst and second fragments further comprise a target address field andwherein the processor is further configured to: change the targetaddress field of the first fragment to reflect a first address of thetarget device; and change the target address field of the secondfragment to reflect a second address of the target device.
 25. Therouting device of claim 16, wherein at least one packet in the pluralityof packets is an IPv4 packet or an IPv6 packet.
 26. The routing deviceof claim 16, wherein to generate the at least first and secondfragments, the processor is further configured to determine that thefirst packet exceeds a threshold size.
 27. The routing device of claim26, wherein the threshold size is between 50 to 100 bytes.
 28. Therouting device of claim 26, wherein the threshold size is between 100 to200 bytes.
 29. The routing device of claim 26, wherein the thresholdsize is based upon an app type of the first packet.
 30. The routingdevice of claim 16, wherein the at least first and second fragments eachfurther comprise a field indicating a total number of fragmentscomprising the modified first packet.